Unsubscribing from Emails—A New Malware Threat

 In Posts

Over the past few months, you have probably noticed more and more emails being sent in compliance with the requirements of the General Data Protection Regulation (GDPR). Many of these are legitimate, but unfortunately, hackers are now taking advantage of the “unsubscribe” links in these emails to deliver malware and attempt to collect more of your personal information.

What is GDPR?

Going into effect on May 25, 2018, the GDPR is the new standard for data privacy and anonymity required by all companies in the EU and for foreign companies that do business with EU citizens. Simply, GDPR is a powerful, consumer-friendly directive that requires businesses to obtain consent when collecting data, which must be “freely given, specific, informed, and unambiguous.”

What’s Happening?

A large policy change like this requires that companies rewrite and publish compliant privacy policy documents and inform their customer of changes. If applicable, they must also give their customers explicit ways to opt-in to data collection (rather than only opting-out). This is generating millions of emails referencing these policy changes and millions of potentially harmful links.

Like the hacking groups that took advantage of tax filing deadlines to prey on people via email, these groups are now taking advantage of those among us who simply want to declutter our inboxes more permanently by unsubscribing.

Essentially a phishing email, these hackers will attempt to direct you to sites designed to infect your computer with malware or capture additional personal information by offering a disingenuous “unsubscribe” button.

What Should I Do?

There are a few simple options EVAN recommends at this time:

  • If you recognize the sender as a company you have done business with and can verify the source of the email (tips on that here), it is likely safe to unsubscribe directly from within the email.
    • If in doubt, head to the company’s website directly and look for the “unsubscribe” options there.
  • Simply delete the email. This will not prevent further messages from arriving, but it puts you at no risk.
  • Block the sender:

In Outlook – Right click on the message > Junk > Block Sender. This will send future messages direct to your Junk Email folder:

In Gmail – Click the “Report Spam” button next to “Delete.” Like Outlook, this will put all future messages from that sender into a spam folder:


EVAN is more than just a great source of technology information; we have Master Certified Professionals waiting to meet your IT needs right now.

Request help from a Pro

Explore our services

Recommended Posts

Leave a Comment