Pelican Parts Forums - a cyber security question.

Pelican Parts Forums (http://forums.pelicanparts.com/)

- Off Topic Discussions (http://forums.pelicanparts.com/off-topic-discussions/)

- - a cyber security question. (http://forums.pelicanparts.com/off-topic-discussions/1171616-cyber-security-question.html)

a cyber security question.

the unsubscribe link. that can be a link to malware right?

my fishing outfitter apparently sold my info to EVERYONE in the industry. I have been unsubscribing. got me thinking. that is a pretty good trap.

I hover my mouse, but I dont know what I am looking for at that point.

tips?

Most unsubscribe links are just to verify your email is legit.

I just mark it as spam, and forget it. The next one from them will go right to my spam folder.

The only time unsubscribe is valid is a major retailer. If it came unsolicited, just mark it spam and move on. If it came from a company you use and is some ad, then unsubscribe.

Any email link could be suspect if you're not careful - which is why normally it's suggested for you to type in the website URL yourself to login to site such as paypal, amazon, your bank, etc.

There are methods/patterns to visually inspect a link to help determine if it is suspect -

https://intezer.com/blog/incident-response/url-analysis-phishing-part-1/

If I know the business and it's a big well known chain, then I'll use the unsubscribe. If I was getting unwanted emails from Starbucks, Home Depot, CVS, I wouldn't hesitate to unsubscribe. (assuming I was sure that's where the emails were coming from).

If I don't know the vendor, then I usually just mark them as junk and/or block the sender.

Unfortunately, by looking at the URL, it's really hard to tell, because almost all of the folks that have "unsubscribe" links, outsource that action to third party companies. So if you were going to unsubscribe to Home Depot emails, the link may or may not be to a Home Depot URL.

Here's a few examples of valid unsubscribe URLs from emails.

Big companies that have their own page.

HD unsubscribe
https://page.mg.homedepot.com/<blah, blah, blah, lots more gibberish>

Bose unsubscribe
https://click.email.bose.com/<blah, blah, blah, lots more gibberish>

Amazon unsubscribe
https://www.amazon.com/gp/r.html<blah, blah, blah, lots more gibberish>

Bosch home appliances unsubscribe
https://smc-link.s4hana.ondemand.com/eu/data-buffer/sap/public/cuan/<blah, blah, blah, lots more gibberish>

LLBean unsubscribe
https://e.e4.llbean.com/<blah, blah, blah, lots more gibberish>

Smaller companies that outsource the "unsubscribing" to someone else.

Unsubscribe from a company that I've done business with "Palouse"
https://nyn.soundestlink.com/contactsPreferences/v2/unsubscribe/<blah, blah, blah, lots more gibberish>

Quote:

Originally Posted by GH85Carrera (Post 12376316)

The only time unsubscribe is valid is a major retailer. If it came unsolicited, just mark it spam and move on. If it came from a company you use and is some ad, then unsubscribe.

Exactly that.

Quite a few of those lists don't honor the unsubscribe, or it is pointing at someone besides you.

Three things I do for this stuff -

1 - each company, entity, etc. that I give an email to gets a unique address, usually with the group/company name in it. Makes it easy to find out who sold my info or let it get stolen.

2 - set up a filter on your inbox, any message that contains "Unsubscribe" is sent to its own sub-folder automatically, and I basically ignore them unless I'm looking for a specific sale from Bass Pro, etc.

3 - if someone sells my info and causes too much incoming mail (ie, the tax collector when I paid my speeding ticket - had spam for traffic school before I had my payment receipt) I can redirect all mail to that address at the server level. Either drop it (no fun, but at least I don't see it) or what I'll typically do is find out the most important person in that group/company and their email, redirect the address to that, and then go sign that address up for some gay porn, etc. Figure turn about is fair play.

I once clicked on an "unsubscribe" link from a store that sold my info, and yeah, it led to a bunch of spam and malware attempts. Hovering over links is a good first step, but even then, it’s hard to tell what you’re dealing with sometimes. One thing I learned the hard way is to always check the domain name in the URL. Also, I’ve started using tools like Premium IP Stresser for secure network testing—kind of like an ip booter, but it helps me check if my network’s exposed to malicious links before I dive in. Just being cautious really helps! If it’s something unfamiliar or looks weird, don’t click.