Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed

Search

Malicious “Confirm Your Unsubscribe” Emails

A long-running email scam that pretends to an unsubscribe confirmation request has been seen on the rise lately. Over the past week, researchers have seen a constant stream of emails with the subject line of “Confirm your unsubscribe request,” or “Client #28961242 hit reply to confirm unsubscribe.” Unlike normal unsubscribe confirmation emails, these do not contain any information as to what or who a user is trying to unsubscribe from. These malicious emails come in several templates with varying degrees of professionalism. If a user mistakenly replies to these emails, it is sent to several email addresses that are preprogrammed in the response. Scammers use bots to send these malicious emails to a large number of random email addresses. Whenever a response is received, it goes into a list of “live” emails that are either sold for marketing purposes or used for targeted phishing campaigns such as diet pills, vitamins and a multitude of loan offers. Researchers have yet to be able to track the owners of the email recipients that responses are sent to, as they change continuously.

Analyst Notes

If a user receives an email such as this without unsubscribing from a list, then the email should be simply deleted. If the user does not recognize the sender by looking at the sender’s email address, then the email should be treated with suspicion.