Fake Unsubscribe Link Scams via Email
How scammers embed fraudulent unsubscribe links in spam emails that confirm your address is active, harvest credentials, or silently enrol you in additional marketing.
Part of: Fake Unsubscribe Link Scams
Last reviewed: 8 June 2026
The unsubscribe link is a trusted convention in email marketing — a legal requirement in many jurisdictions and a good-faith signal that the sender will honour opt-out requests. Scammers exploit this trust by including fake unsubscribe links that do the opposite of what they promise: confirming that the email address is active and monitored, which increases its value on spam lists.
More dangerous variants redirect the click to a phishing page where credentials or payment details are harvested under the guise of completing the unsubscribe process. The victim believes they have safely removed themselves from a mailing list, when in reality they have been trapped.
How this scam works on email
A spam or unsolicited marketing email arrives with an unsubscribe link at the bottom. Clicking it either loads a blank page — confirming delivery to an active address — or redirects to a form requesting an email address and sometimes a password to 'complete the process'. The address is then sold as confirmed active, increasing the volume of future spam, or the credentials harvested are used for account takeover.
A third variant silently enrolls the clicker in additional marketing lists operated by the same network. These variants are particularly common in pill-spam, diet-supplement, and financial-services scam emails.
Common red flags
- Unsolicited email you did not subscribe to contains an unsubscribe link
- Clicking unsubscribe redirects you to an external site requesting login or email entry
- Spam volume increases after you clicked an unsubscribe link in that sender's emails
- Unsubscribe page asks for more information than just your email address to remove you
- Sender domain is a random string of characters rather than a recognisable company name
- Multiple different brands or promotions arrive from the same underlying sending server
How to protect yourself
- Never click unsubscribe links in emails you did not willingly subscribe to
- Use your email provider's spam-reporting feature to block senders instead
- For legitimate subscriptions you want to leave, use the official website to manage preferences
- Use a unique email alias for each subscription service to identify which one sold your address
- A password manager will alert you if an unsubscribe page is harvesting credentials
How to report it
- Forward the email to your national spam-reporting service (US: [email protected]; UK: [email protected])
- Report the email sender to your email provider
- Report to the FTC at reportfraud.ftc.gov (US) for CAN-SPAM violations
Frequently asked questions
Why does clicking unsubscribe sometimes increase the spam I receive?
Scammers send to lists of addresses including inactive ones. Clicking confirms your address is live and monitored, making it more valuable to resell. Spam-report the email instead to block the sender without confirming your address.