Written by Brandon Grundy, CFP®.

Don't Click Anything?

Good morning and Happy Tuesday! It’s another week with a ton going on in the world but let’s look at something from the WSJ in recent days about personal cybersecurity.

The article offered a warning to think twice before clicking on the standard “unsubscribe” link at the bottom of marketing emails we receive. If you’re inbox is like mine you’re getting at least several each day. Maybe a few are relevant but most aren’t even close and leave me wondering how this person or business even got my email address. I understand how that can work but receiving boatloads of unsolicited email is annoying. It’s nice to be able to remove myself from the sender’s list and I try to be diligent about unsubscribing. But now even that might not be safe anymore. It’s sort of a sad commentary on how much risk we unwittingly accept in trade for convenience.

The article says a recent study found that a small but meaningful portion of unsubscribe links were actually sending people to malicious sites for various fraudulent reasons. Sometimes the links are phishing attempts to test which email addresses have a live person on the other end. That person could be a good target for a social engineering scam and extortion. Yikes!

I’ll provide a link to the full article below but here are my notes.

“Trust is relative”, according to a cybersecurity expert quoted in the article. You might trust your email provider but then distrust a specific email. This might sound paranoid but a little paranoia goes a long way. Clicking on anything within an email, such as an unsubscribe link, takes you outside of your trusted email environment and into the wild west of the internet. Do you know the sender? Does the sender’s email address look valid when hovering over it with your cursor? Are there minor misspellings? The clues can be subtle.

Often an unsubscribe link takes you to a third-party site to finish the process. This can be legitimate but the third-party site shouldn’t ask you to log in – asking for your password is a red flag and experts suggest not doing it. Instead, close that page and go directly to the company’s site and log in if needed to update your marketing preferences.

While it’s possible for an unsubscribe link to expose your system to malware, apparently that’s less of an issue than your click confirming that a live person is on the other end of the email. I first heard of this problem years ago with robocalls – a real person picking up the phone makes your number more valuable and would often mean more calls from more companies, even if you told the original company to remove you from their list.

Beyond simply not clicking on anything anymore, which is a reasonable response but not very practical, experts suggest using tools built into your existing email to opt out within a header of some kind. This lets you unsubscribe without clicking on a link in the body of an email. That sounds good in theory but I don’t see that as an option in my Outlook. Gmail offers this so I’m guessing this capability is out there, just buried a bit. Third-party providers like Trimbox offer to make this process easier and help with security, but then you’re hooking them up to your email account which has its own risks, so you’ll want to do some due diligence.

Experts also suggest assigning an email sender to your junk folder, blocking the sender, or otherwise automatically shoving potential spam into a drawer and forgetting about it. You can also simply delete the email and then delete it entirely as a batch by emptying your trash folder every so often.

Beyond that, it’s possible to create and use multiple email addresses as some people might use a burner cell phone. Maybe one address for personal email, one for business, another for online subscriptions and one for financial transactions. Doing so helps compartmentalize email risk, again at least in theory. The problem with this approach is we already have enough miscellaneous stuff to manage and now we’d have to add multiple email accounts to the list?

Ultimately and unfortunately this is yet another thing to worry about when it comes to leveraging technology. Risk is everywhere but addressing it doesn’t have to be overly complicated. Just be extra careful, even a little paranoid, when working within your email and be mindful of what you’re clicking on. Mistakes can still happen but they’ll be much less likely.

Here’s a link to the article. Let me know if you hit the WSJ paywall and I can send it to you from my account.

https://www.wsj.com/tech/cybersecurity/unsubscribe-email-security-38b40abf?mod=trending_now_news_2

Have questions? Ask us. We can help.

  • Created on .

Contact

  • Phone:
    (707) 800-6050
  • E-Mail:
    This email address is being protected from spambots. You need JavaScript enabled to view it.
  • Let's Begin:

Clients

Ridgeview Financial Planning is a California registered investment advisor. Disclaimer | Privacy Policy | ADV
Copyright © Ridgeview Financial Planning | Powered by AdvisorFlex