From Sophos – “Naked Security” by Alan Zeichick on September 4, 2014
5 things you should know about email unsubscribe links before you click
We all get emails we don’t want, and cleaning them up can be as easy as clicking 'unsubscribe' at the bottom of the email.
However, some of those handy little links can cause more trouble than they solve.
You may end up giving the sender a lot of information about you, or even an opportunity to infect you with malware.
Of course, not everyone who sends you mail is a spammer, and if you know that a sender is trustworthy it’s safe to unsubscribe.
Unfortunately, phishing attacks rely on the fact that it’s very, very easy to fake who and where an email has come from, so it's all but impossible to be 100% sure who has sent you an email.
Here are 5 reasons why unsubscribing can be a bad idea, whether you do it by sending a reply email or opening an "unsubscribe" web link:
1. You have confirmed to the sender that your email address is both valid and in active use.
If the sender is unscrupulous then the volume of email you receive will most likely go up, not down. Worse, now that you have validated your address the spammer can sell it to his friends. So you are probably going to hear from them too.
2. By responding to the email, you have positively confirmed that you have opened and read it and may be slightly interested in the subject matter, whether it’s getting money from a foreign prince, a penny stock tip or a diet supplement.
That’s wonderful information for the mailer and his pals.
3. If your response goes back via email - perhaps the process requires you to reply with the word "unsubscribe," or the unsubscribe link in the message opens up an email window - then not only have you confirmed that your address is active, but your return email will leak information about your email software too.
Emails contain meta information, known as email headers, and you can tell what kind of email software somebody is using (and infer something about their computer) from the contents and arrangement of the headers.
4. If your response opens up a browser window then you’re giving away even more about yourself. By visiting the spammer’s website you’re giving them information about your geographic location (calculated based on your IP address), your computer operating system and your browser.
The sender can also give you a cookie, which means that if you visit any other websites they own (perhaps by clicking unsubscribe links in other emails) they’ll be able to identify you personally.
5. The most scary of all: if you visit a website owned by a spammer you’re giving them a chance to install malware on your computer, even if you don’t click anything.
These kinds of attacks, known as drive-by downloads, can be tailored to use exploits the spammer knows you are vulnerable to thanks to the information you’ve shared unwittingly about your operating system and browser.
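
To see which of these disclosures a given message's unsubscribe links would trigger without clicking them, here is an added example (not part of the Sophos article) that reads a raw message and labels each unsubscribe target. The sample message, its domains and the function name are constructed, and the `List-Unsubscribe` header (RFC 2369) is an addition beyond what the article mentions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit, parse_qsl

# Constructed sample message (not from the article); every name here is made up.
SAMPLE = """\
From: Deals <news@shop.example>
To: alice@mail.example
Subject: Weekly offers
List-Unsubscribe: <mailto:unsub@shop.example?subject=unsubscribe>
Content-Type: text/plain

Great offers inside!
To unsubscribe click http://trk.bulk-sender.example/u?id=9f3c21&e=alice%40mail.example
"""

URL_RE = re.compile(r"""(?:https?://|mailto:)[^\s<>"']+""", re.I)

def unsubscribe_risks(raw):
    """Return {link: [disclosures]} for each unsubscribe target, without visiting it."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    body = "" if msg.is_multipart() else msg.get_payload()  # plain single-part only
    candidates = URL_RE.findall(msg.get("List-Unsubscribe", ""))
    candidates += [u for line in body.splitlines() if "unsubscribe" in line.lower()
                   for u in URL_RE.findall(line)]
    report = {}
    for link in candidates:
        parts = urlsplit(link)
        risks = ["confirms address is live"]                      # reason 1
        if parts.scheme.lower() == "mailto":
            risks.append("reply exposes mail client headers")     # reason 3
        else:
            risks.append("visit exposes IP, OS and browser; allows cookie")  # reason 4
            host = (parts.hostname or "").lower()
            if host != sender_domain and not host.endswith("." + sender_domain):
                risks.append("host differs from From domain")
            values = [v.lower() for _, v in parse_qsl(parts.query)]
            if recipient and recipient in values:
                risks.append("URL carries recipient address")
        report[link] = risks
    return report

if __name__ == "__main__":
    for link, risks in unsubscribe_risks(SAMPLE).items():
        print(link, "->", "; ".join(risks))
```
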
So how do you avoid unwanted email without unsubscribing?
If the message is unsolicited then mark it as spam.
Marking something as spam not only deletes the message (or puts it into your trash), it also teaches your email software about what you consider spam so that it can better detect and block nefarious messages in the future and adapt as the spammers change their tricks.
This helps not only you but everyone else too.
============================================
In addition to this blog, I have authored the premier book on Netiquette, "Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". You can view my profile, reviews of the book and content excerpts at:
www.amazon.com/author/paulbabicki
If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio and an online newsletter via paper.li. I have established Netiquette discussion groups with LinkedIn and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts, and I have been contributing to the blogs Everything Email and emailmonday. My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ Rider University and PSG of Mercer County New Jersey.
==========================================