Is the ‘unsubscribe’ button a scam?

(NEXSTAR) – Email inbox flooded with spam? You might want to think twice about hitting the “unsubscribe” button.

The unsubscribe button, when accessed within legitimate emails from legitimate organizations, is a relatively secure method for removing a recipient’s email address from the organization’s mailing list. (The sender is also legally required to comply with an unsubscribe request within 10 days, according to the Federal Trade Commission.)

When it’s included in illegitimate emails, however, the unsubscribe button might be completely useless — and entirely malicious.

“There are legitimate parties that utilize an unsubscribe button [that] will unsubscribe you, but … there are also parties who are scammers, who use that to confirm your email address is correct,” cybersecurity expert Joseph Steinberg told Nexstar. “The worst possible thing you could do if someone is a real spammer is to tell someone that yes, this email address is valuable, and this is a real person. Your email address just became much more valuable to them.”

State Department offers $10M reward for info on UnitedHealthcare hackers

Scammers might be hoping to confirm an active email address for a few reasons — the least nefarious of which is to spam you with additional unsolicited emails.

“Getting flooded with more spam is the least of your problems,” said Steinberg, also the author of “Cybersecurity for Dummies.”

Clicking the unsubscribe button in an unsolicited email, Steinberg said, could potentially infect your device with spyware or other malware. Or, the senders could be hoping to confirm your email address for an identity theft scheme, to later target you with more personal — and perhaps more official-looking — emails and phishing scams.

“They may craft an email attempting to scam you out of money, or tell you that a relative is in danger, or who knows what else,” Steinberg claimed.

The Federal Trade Commission (FTC) urges email users to protect themselves from phishing scams by learning to recognize the most common red flags. The commission also advises customers reduce the amount of unsolicited emails they receive by utilizing an email provider with a strong spam filter, or registering for the Direct Marketing Association’s do-not-contact list. Users should also refrain from sharing out their primary email address (if possible), or even set up a secondary email account when signing up or newsletters or mailing lists.

If you’re already taking these precautions and your inbox is still full of unsolicited newsletters and emails from desperate singles looking to party, there’s still something you can do.

“Report it as spam,” Steinberg said. “Usually there’s a button on your email system to flag something as spam, and that information will be fed to the anti-spam engine. These engines are getting better, and eventually they’ll help filter out those emails.”

Anti-spam engines aren’t perfect, Steinberg warned, but in time, they’ll help keep spam emails from cluttering your inbox.

Canadian school boards sue Snapchat, TikTok, Meta for disrupting students’ education

Recipients, though, should still keep an eye out for suspicious emails — even if they’re noticing less and less spam.

“Never assume your spam filter is totally effective,” Steinberg said. “Just because you don’t get phishing emails on a regular basis, doesn’t mean you won’t get one. Don’t trust something just because it made it to your mailbox.

“Remember: [Scammers] can get your email address by hacking, or the data breaches you hear about,” Steinberg added. “It’s always going to happen. It’s a question of how you manage it.”

For the latest news, weather, sports, and streaming video, head to PIX11.