Unsubscribe Confirmation Request Scams
An increase in unsubscribe confirmation scams has been observed, with the intent of collecting working email addresses to perform other attacks. The email may contain “Confirm your unsubscribe request” in the subject line and a generic message without specific information related to the unsubscribe request. If the unsubscribe button is clicked, then a new message will be created and sent to 15-20 email addresses for domains hosted by noip[.]com’s free dynamic DNS service. The NJCCIC recommends users avoid clicking on links and opening attachments within unsolicited or unexpected emails, even those appearing to be from known senders. Users are advised to, instead, navigate to websites by manually typing the URL into the address bar of their browser. If the user is uncertain of the email’s legitimacy, contact the sender via an alternate method. We advise users to refrain from responding to the email as this confirms delivery of the phishing email to the threat actor. Additionally, educating users about this and similar threats can reduce victimization. Further details may be found in the BleepingComputer post.