Well, recently discovered this interestingness:
By creating the fake row, they hope that you unwittingly click to perhaps archive the message etc., however, when you hover over that row, malicious extensions are revealed:
pickDOTstormspanDOTcom/133549421.838678835.1606093945(null)
As well as...
pickDOTstormspanDOTcom/590053017.1143014567.1910429677(null)
Please note: in order to not hyperlink malicious extensions here, i inserted DOT and an extra (null). When attempting to trace these extensions, DOT should be substituted with . AND the null tag with parenthesis should be removed as well.
Have to admit, they almost did a darn good job fooling me into thinking that was a G-Mail row (laughs) The giveaway for me, was that their "re-creations" were fuzzier in display quality and somewhat distorted. Once i got to really focusing, i was like, "What is this?" Then of course, when you hover, you see you're going to an unknown extension.
I have also taken the time to report this "stormspan" to Norton Safe Web. Perhaps (if not already) they can add this domain to the auto-block list to outright prevent users from being able to access it.
Take care,
H.B.
PS- For those who don't know, NEVER click even their "UNSUBSCRIBE", it is part of the racket.