So I clicked on an unsubscribe link in an e-mail without doing due diligence on the URL first. I’m trying to figure out how much damage control I need.
It’s (supposedly, probably) from a major institution (Smithsonian Magazine). The hostname of the link is that of most pages on the actual Smithsonian Magazine website. It redirects automatically to another hostname that’s mentioned in text-only newsletters also on the actual Smithsonian Magazine website. (Both of these facts found and confirmed via Google search.)
Is there anything else I should check? What sort of information could the link have sent? Any other possible effects? (I’m on a Mac, I did all this through Firefox, and I got no requests to install anything. I don’t know if there has been anything done to disable the password request before installation thing; if so, I sure didn’t do it, but not to say it couldn’t have happened, and I don’t know how to check.)
Extra question, with some possibly relevant info: the name and address on the e-mail are unknown to me (though the e-mail address given is indeed mine, and the last name is the same as mind, meaning the e-mail address could be a typo). This, of course, lends some credence to the e-mail being genuine.
If it is, would I be doing anything wrong, legally, by changing the e-mail address? It’s not my account, after all.
(Of course, answers to the questions above still appreciated!)
FIrefox is pretty good about warning you before you install anything, and given the other facts you mentioned, I’d guess it’s legit. If I’d verified those facts about an email, I’d be reasonably confident about using that link.
The only other thing you could possibly check are the email headers and look for weird/foreign addresses in the routing list, possibly verifying the domain for each ip address listed. However, given the other information you describe, I’d say that’s overkill. That’s just the first step I usually take with suspicious looking emails (contains only a picture or link, has no complete sentences, uses url shortners (bit.ly, tinyurl.com, etc.)).