Fake Unsubscribe Link Scams
Clicking an 'unsubscribe' link in a spam or scam email confirms your address is active, leading to more spam, credential phishing, or malware download rather than stopping messages.
Last reviewed: 1 June 2026
What this scam is
Fake unsubscribe link scams exploit a deeply conditioned behaviour: clicking the unsubscribe link in an unwanted email. Legitimate marketers are required by law in many countries to include a functional unsubscribe mechanism in commercial emails. This means consumers are trained to use unsubscribe links as a routine response to unwanted messages.
Fraudsters embed unsubscribe links in spam and scam emails that, rather than removing you from a mailing list, perform one or more harmful actions: they confirm to the sender that your email address is active and monitored, greatly increasing its value in the spam economy; they redirect to a phishing page that captures your email credentials or asks you to 'confirm' your email and password to complete the unsubscription; they trigger a download of malicious software onto your device; or they redirect to an advertising page that generates revenue for the sender by recording the click.
In some cases, clicking an unsubscribe link is the primary mechanism through which a spam campaign harvests confirmed active addresses. A mass spam send followed by a request to 'click here to unsubscribe' can convert a raw list of email addresses — many of which may be inactive — into a refined list of active, monitored accounts, which are worth significantly more to other spammers and fraudsters.
This scam is distinct from legitimate unsubscribe processes. The distinguishing features are: the original email was unsolicited and from an unknown sender; the unsubscribe page asks for credentials or additional information; or the email is clearly commercial spam of a suspicious nature.
How it works
You receive an email that appears to be commercial marketing but from a sender you do not recognise. The email contains an unsubscribe link at the bottom, as legitimate commercial emails do. Your natural response is to click it to stop receiving similar messages.
Clicking the link sends a request to a server controlled by the spammer, recording your email address as active. In some implementations, the link opens a page that asks you to 'confirm your email address' to complete unsubscription — obtaining your typed confirmation that the address is active.
In the phishing variant, the unsubscribe page is designed to look like an email provider login screen. It claims your subscription cannot be managed without verifying your identity, and asks for your email address and password. These credentials are captured and used to access your email account.
In the malware variant, clicking the link triggers a download — sometimes disguised as a browser plugin or PDF — that installs software on your device.
After the click, rather than receiving fewer emails, you typically receive significantly more, because your address has been added to additional lists as a confirmed active account.
Why this scam works
The unsubscribe convention is one of the most reliable behavioural triggers in email. It is required in genuine commercial email, widely used, and strongly associated with taking control of an unwanted situation. Fraudsters insert themselves into this conditioned behaviour precisely because victims are acting habitually rather than evaluating each individual link.
Common red flags
- Email is from an unrecognised sender you have never subscribed to
- Unsubscribe page asks you to enter your email address or log in
- Unsubscribe page asks for your email password
- Clicking unsubscribe triggers a file download
- After unsubscribing you receive more spam, not less
- Email lacks a recognisable company name, address, or contact details
- Unsubscribe page URL is unrelated to the email sender's claimed identity
- Email has every appearance of bulk unsolicited mail rather than a service you use
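The red flag about an unsubscribe URL unrelated to the sender's claimed identity can be checked on a saved message without clicking anything. The following is an added Python example, not part of the original page; the sample email, the domains and the function names are constructed for illustration, and comparing only the last two domain labels is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import unquote, urlsplit

# Constructed sample message (not a real email); all domains are reserved .example names.
SAMPLE = """\
From: "Deals Weekly" <news@shop.example>
To: user@mail.example
Subject: Last chance offers
Content-Type: text/html; charset=utf-8

<p><a href="https://shop.example/offers">View offers</a></p>
<p>To stop these emails <a href="http://list-clean.example/u?e=user%40mail.example">unsubscribe here</a>.</p>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
UNSUB_RE = re.compile(r"unsubscribe|opt[ -]?out|manage (your )?preferences", re.I)


def base_domain(host):
    """Last two labels of a host name (assumption: no public-suffix list is used)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def check_unsubscribe_links(raw_email):
    """Return (url, flags) for each unsubscribe-style link. The URL is never fetched."""
    msg = message_from_string(raw_email)
    sender_domain = base_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    body = ""
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            body += data.decode(part.get_content_charset() or "utf-8", "replace")
    findings = []
    for url, text in LINK_RE.findall(body):
        if not (UNSUB_RE.search(text) or UNSUB_RE.search(url)):
            continue  # not an unsubscribe-style link
        flags = []
        if base_domain(urlsplit(url).hostname or "") != sender_domain:
            flags.append("link domain unrelated to sender")
        if recipient and recipient in unquote(url).lower():
            flags.append("URL carries recipient address")
        findings.append((url, flags))
    return findings

if __name__ == "__main__":
    print(check_unsubscribe_links(SAMPLE))
```

A flagged link is a reason to use the junk report button rather than the link itself. The second flag is informational: legitimate senders also embed the recipient in the URL, but it shows that a single click is enough to identify which address is active.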
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
You are receiving this email because you subscribed to [vague service]. To unsubscribe, click here: [link].
To stop receiving these emails, confirm your email address at [link]. Enter your email and password to remove yourself.
Manage your preferences at [link]. Enter your credentials to update your subscription settings.
Click to unsubscribe: [link]. Note: you must verify your identity to complete the unsubscription process.
Common variations
- Address confirmation unsubscribe — page asks you to type your email address to 'confirm' removal
- Credential phishing unsubscribe — page mimics an email login to steal your password
- Malware delivery — clicking the link triggers a file download
- Click confirmation only — no page loads, but the click records your address as active
- Preference centre phishing — fake marketing preference page captures personal data
How to verify before you act
Before clicking any unsubscribe link, ask one question: did I ever sign up for communications from this sender? If the answer is no, use the spam or junk report function in your email client instead. This achieves the same result — stopping future messages — without confirming to the sender that your address is active.
Payment methods used
- Not directly financial — harm is address confirmation, credential theft, or malware
Who is usually targeted
- Email users who receive significant volumes of spam
- Anyone conditioned to use unsubscribe links to manage their inbox
- People unfamiliar with spam-marking tools in their email client
What to do immediately
- Do not click the unsubscribe link in any email from an unknown or suspicious sender
- Mark the email as spam or junk using your email provider's function
- If you have already clicked and entered credentials, change your email password immediately
- Enable two-factor authentication on your email account
- Run a security scan on your device if the unsubscribe link triggered any download
- Report the email to your email provider as phishing if the unsubscribe page asked for credentials
How to prevent it
- Use your email provider's spam or junk reporting function instead of unsubscribing from unknown senders
- Only use unsubscribe links in emails from senders you genuinely recognise and remember signing up with
- Enable two-factor authentication on your email account
- Keep your email client updated so known phishing domains are blocked
- Be suspicious of any unsubscribe process that requires you to log in or enter a password
Evidence to preserve
- The original email including full headers
- The URL of the unsubscribe link
- Screenshot of any page you were directed to
- Note of any information you entered on the page
- Records of any downloaded files
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
Is it ever safe to click unsubscribe?
Yes — from senders you genuinely recognise. If you signed up for a newsletter and want to stop receiving it, clicking their unsubscribe link is the correct approach. The risk is with unsolicited emails from unknown senders, where the unsubscribe link may serve the sender's interests rather than yours.
What should I do instead of clicking unsubscribe for spam?
Use the spam or junk button in your email client. Most providers use this data to improve their filters and will stop delivering future messages from that sender. It achieves the same practical result — fewer unwanted messages — without confirming your address to the sender.