An email phishing campaign that BleepingComputer describes as “long-running” has shown a distinct uptick recently. The phishbait in the subject line will read something like “Confirm your unsubscribe request,” or “Client #980920318 To_STOP_Receiving These Emails From Us Hit reply And Let Us Know.” There is no mention of exactly what it is that you may have asked to be unsubscribed from, but they really do want to hear from you.
The best course of action, should you receive one of these emails, is simply to delete it as you would any other spam. Should you be so incautious as to click on the “unsubscribe” link or button the email offers, you will find that doing so composes an email message with no body text and the word “Unsubscribe” as the subject. It will be addressed to some fifteen-to-twenty recipients.
Why would the criminals want to do this? They are in all likelihood harvesting live email addresses, and live email addresses from polite people who are likely to open and act on other email messages they receive. Such lists can be used in other, more lucrative scams. They can also be sold on the black market to other criminals. In this case, unsubscribing will draw more spam, not less.
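The "unsubscribe" link described above behaves like a `mailto:` link that fans a single reply out to many recipients, which a mail filter can check for. The following is an added example, not code from BleepingComputer or KnowBe4; the recipient threshold, function names and sample addresses are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed threshold: a legitimate unsubscribe mailto normally names one mailbox.
MAX_RECIPIENTS = 3

class _MailtoCollector(HTMLParser):
    """Collect the href of every mailto: anchor in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        if tag == "a" and href.lower().startswith("mailto:"):
            self.hrefs.append(href)

def parse_mailto(href):
    """Return (recipients, subject, body) for a mailto: URI (RFC 6068)."""
    parts = urlsplit(href)
    query = {k.lower(): v for k, v in parse_qs(parts.query).items()}
    raw = [unquote(parts.path)]                      # addresses before the '?'
    raw += query.get("to", []) + query.get("cc", []) + query.get("bcc", [])
    recipients = sorted({a.strip().lower() for chunk in raw for a in chunk.split(",") if a.strip()})
    subject = " ".join(query.get("subject", [])).strip()
    body = " ".join(query.get("body", [])).strip()
    return recipients, subject, body

def harvesting_links(html):
    """Flag mailto links that send one reply to more than MAX_RECIPIENTS addresses."""
    collector = _MailtoCollector()
    collector.feed(html)
    findings = []
    for href in collector.hrefs:
        recipients, subject, body = parse_mailto(href)
        if len(recipients) > MAX_RECIPIENTS:
            findings.append({"recipients": len(recipients), "subject": subject, "empty_body": not body})
    return findings

# Constructed sample: one ordinary single-recipient link and one 16-recipient fan-out.
_FANOUT = ",".join(f"box{i}@collector{i}.example" for i in range(16))
SAMPLE_HTML = (
    '<p><a href="mailto:unsubscribe@newsletter.example?subject=Unsubscribe">Opt out</a></p>'
    f'<p><a href="mailto:{_FANOUT}?subject=Unsubscribe">Unsubscribe</a></p>'
)

if __name__ == "__main__":
    print(harvesting_links(SAMPLE_HTML))
```

Only the second link in the constructed sample is flagged; the single-recipient opt-out link passes.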
The trick may be an old one, but criminals revert to methods that work. Sophistication is not their goal. Money is. This kind of scam can also cause problems for organizations whose well-intentioned employees might think they are relieving the organization of some burdensome spam. New school awareness training can help employees shrug this kind of message off. Say “include me out” under your breath and hit delete.
BleepingComputer has the story: https://www.bleepingcomputer.com/news/security/beware-of-emails-asking-you-to-confirm-your-unsubscribe-request/
Will your users respond to phishing emails?
KnowBe4's new Phishing Reply Test (PRT) is a complimentary IT security tool that makes it easy for you to check to see if key users in your organization will reply to a highly targeted phishing attack without clicking on a link. PRT will give you quick insights into how many users will take the bait so you can take action to train your users and better protect your organization from these fraudulent attacks!
Here's how it works:
- Immediately start your test with your choice of three phishing email reply scenarios
- Spoof a Sender’s name and email address your users know and trust
- Phishes for user replies and returns the results to you within minutes
- Get a PDF emailed to you within 24 hours with the percentage of users that replied