Protect Yourself Against Email Bombing
Protect Yourself Against Email Bombing
Have you heard of “email bombing”? Email bombing is a tactic used by cybercriminals to distract your attention while they make a fraudulent purchase or financial transaction with an account that has been compromised.
How does it work?
During an attack, a victim is blasted with an innumerable amount of emails that rapidly fill up their inbox. In a very short time, that mailbox becomes unusable as the victim struggles to make sense of why this sudden avalanche of messages has appeared.
In some cases, the messages received are nonsensical in subject and content, but most often the emails are from legitimate electronic newsletters and mailing subscriptions. The attacker uses automated bots to scour the web for newsletter sign-up pages or web forms that don’t require live-user authentication. Once this is done, the cybercriminal will enter the email account of the victim, and have bots register the victim's vulnerable pages and forms. This simultaneously generates thousands of emails immediately to the victim’s inbox.
Why is the bomb sent?
The onslaught of messages is just a distraction to hide the criminal’s true intentions.
The email bomb buries an important email sent to the victim from an online shopping site or a financial institution confirming a recent transaction or changes to their account. The email is triggered when the criminal uses the compromised credentials of the victim, usually to make a large online purchase and have the goods shipped to a generic address, which is quickly picked up by the attacker or someone working for them.
What to do if you get Email Bombed
If you suddenly start receiving an endless stream of junk email to your UBC email address, perhaps asking for confirmation of a subscription, you may be the victim of an email bombing attack.
If you or someone you know is being attacked, contact UBC Cybersecurity immediately at security@ubc.ca. The Cybersecurity team will determine a plan to secure your account.
Make sure you log in to the online shopping accounts that you maintain and review your recent orders. If you notice a purchase that you didn’t make, contact the shopping website’s customer support immediately. While logged in to your account, remove any auto-fill payment card or credential settings associated with your account.
Next, contact your financial institutions and make them aware of the situation. They may be able to lock your account and assist you with the discovery of any unusual activity on your account. Be sure to also contact local law enforcement.
How to protect yourself from becoming a victim
Following these steps to the best of your ability will greatly contribute to your cyber safety:
- Secure your online accounts with strong passphrases and avoid reusing passwords from another account that you have created (See these password tips for assistance).
- This includes banking and credit accounts as well as online accounts that save your payment and personal information.
- Check your credit card and bank statements regularly to make sure no fraudulent charges have been made to your account.
- Enable multi-factor authentication by setting up your Enhanced CWL (CWL required) and discovering how to use the Duo Mobile app for other accounts and applications
For more information and cybersecurity tips, please visit the “I Want To…” section of the Privacy Matters website.