A long-running email scam that pretends to an unsubscribe confirmation request has been seen on the rise lately. Over the past week, researchers have seen a constant stream of emails with the subject line of “Confirm your unsubscribe request,” or “Client #28961242 hit reply to confirm unsubscribe.” Unlike normal unsubscribe confirmation emails, these do not contain any information as to what or who a user is trying to unsubscribe from. These malicious emails come in several templates with varying degrees of professionalism. If a user mistakenly replies to these emails, it is sent to several email addresses that are preprogrammed in the response. Scammers use bots to send these malicious emails to a large number of random email addresses. Whenever a response is received, it goes into a list of “live” emails that are either sold for marketing purposes or used for targeted phishing campaigns such as diet pills, vitamins and a multitude of loan offers. Researchers have yet to be able to track the owners of the email recipients that responses are sent to, as they change continuously.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is