New scam unsubscribe and prize emails are harder to spot

A tsunami of legitimate-looking unsubscribe and prize emails are ripping off tens of thousands of Australians. It is all driven by dark web AI that knows what Aussies read and where they shop.

Let’s pick a pretty obvious one – Amazon Prime, but it could easily be Woolworths, Coles, Target, Big W, Kmart, Rebel, etc – any Aussie franchise.

Unsubscribe emails

Amazon starts sending you emails whether it has ever sold something to you or not. They look legitimate because they are simply ‘scraped’ by AI and sent to its AI-developed dark web email list. The emails are 99% perfect (because they are) and all but one link clicks through to the right pages. That one link is the killer as it takes you to a legitimate-looking unsubscribe page where you are asked to enter your login and password, often followed by a brief questionnaire on your unsubscribe reasons before popping up.

Even if you have not shopped at Amazon the likelihood of you putting in your commonly used login and password is extremely high – Aussies hate junk email.

Voila – you have just given your email and password to the dark web. That is gold because so many people use the same or similar passwords across websites. Even if you don’t unsubscribe AI knows you have read the email and are a live target. Or worse, just downloaded malware/spyware.

Prize emails

We all like a prize or present. Recently a gift card provider (it could be any retailer, Telco, NBN provder, cinema, charity etc) started sending emails to past customers to try and reactivate them. In this case, the reward was a $50 gift card. The email was legitimate (as per the example above) and all you had to do was log in to collect. AI jumped on that opportunity and shortly after sent the altered email to its list.

The login took you to a legitimate-looking page where you placed a common login and password. Naturally, that did not work, and a message popped up – “Forgot your password – click here’. That screen asked you to verify who you are via an SMS to your mobile number.

Voila – you have just given your email, password and mobile number to the dark web.

What can you do?

If you receive unwanted unsubscribe or prize emails and the link takes you to a login page – DON’T!

Use the email junk option to block the sender instead.

The scammers are looking for active email addresses and common passwords so AI can try to log in with that or variances of the same.

Trend Micro and Nortons AV (paid versions) have a great record in identifying these poisoned link scam emails.

CyberShack scam news

ACCC Scam alert

Brought to you by CyberShack.com.au