Protect Yourself Against Email Bombing

March 4, 2021

Email bombing is a tactic used by cybercriminals to distract your attention while they make a fraudulent purchase or financial transaction with an account that has been compromised.

How does it work?

During an attack, the victim is flooded with a huge number of emails that rapidly fill their inbox. In a very short time the mailbox becomes unusable, and the victim is left struggling to make sense of the sudden avalanche of messages.

In some cases the messages are nonsensical in subject and content, but most often they come from legitimate electronic newsletters and mailing subscriptions. The attacker uses automated bots to scour the web for newsletter sign-up pages or web forms that don’t require live-user authentication. Once this is done, the cybercriminal enters the victim’s email address and has the bots register it on the vulnerable pages and forms. This sends thousands of emails to the victim’s inbox almost simultaneously.

Why is the bomb sent?

The onslaught of messages is just a distraction to hide the criminal’s true intentions.

The email bomb buries an important email sent to the victim by an online shopping site or a financial institution, confirming a recent transaction or changes to their account. That email is triggered when the criminal uses the victim’s compromised credentials, usually to make a large online purchase and have the goods shipped to a generic address, where they are quickly picked up by the attacker or someone working for them.
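One way to find the buried message in a flooded mailbox, shown as an added example that is not part of the original bulletin or any UBC tooling. The subject patterns, the burst threshold, the time margin and the sample mailbox are assumptions constructed for illustration.

```python
import email
import re
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime

# Assumed heuristics, not from the article: tune both patterns to your own mail.
SIGNUP = re.compile(r"subscri|newsletter|welcome to|(confirm|verify) your (e-?mail|sign)", re.I)
TRANSACTION = re.compile(r"order|receipt|purchase|payment|shipp|invoice|password|transfer", re.I)

def parse(raw_messages):
    """Parse RFC 5322 messages, sorted by Date; sign-up and list mail is flagged as flood."""
    rows = []
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        try:  # a zone-less Date is read as local time; undated mail is skipped
            when = parsedate_to_datetime(msg["Date"]).astimezone(timezone.utc)
        except (TypeError, ValueError):
            continue
        subject = msg.get("Subject", "")
        signup = bool(SIGNUP.search(subject) or msg["List-Unsubscribe"] or msg["List-Id"])
        rows.append({"when": when, "from": msg.get("From", ""), "subject": subject, "signup": signup})
    return sorted(rows, key=lambda r: r["when"])

def find_burst(rows, window=timedelta(minutes=10), threshold=20):
    """Return (start, end) spanning every window that holds >= threshold sign-up mails."""
    times = [r["when"] for r in rows if r["signup"]]
    start, end, lo = None, None, 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:
            lo += 1
        if hi - lo + 1 >= threshold:
            start, end = (times[lo] if start is None else start), t
    return (start, end) if start is not None else None

def buried_messages(raw_messages, margin=timedelta(minutes=30)):
    """Return (burst, hits): transactional-looking mail that arrived near the flood."""
    rows = parse(raw_messages)
    if (burst := find_burst(rows)) is None:
        return None, []
    lo, hi = burst[0] - margin, burst[1] + margin
    return burst, [r for r in rows if not r["signup"] and lo <= r["when"] <= hi
                   and TRANSACTION.search(r["subject"])]

def sample_mailbox():  # constructed data: 40 sign-ups, one order notice, one old mail
    t0 = datetime(2021, 3, 4, 10, 0, tzinfo=timezone.utc)
    mk = lambda t, frm, subj: f"Date: {format_datetime(t)}\nFrom: {frm}\nSubject: {subj}\n\nbody\n"
    return ([mk(t0 + timedelta(seconds=5 * i), f"news@list{i}.example",
                "Please confirm your subscription") for i in range(40)]
            + [mk(t0 + timedelta(seconds=97), "orders@shop.example", "Your order has shipped"),
               mk(t0 - timedelta(hours=6), "friend@mail.example", "Receipt for lunch")])
```

Calling buried_messages(sample_mailbox()) returns the burst interval and the single order notice; the receipt from six hours earlier falls outside the margin and is not reported.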

What to do if you get Email Bombed

If you suddenly start receiving an endless stream of junk email to your UBC email address, perhaps asking for confirmation of a subscription, you may be the victim of an email bombing attack.

If you or someone you know is being attacked, contact UBC Cybersecurity immediately at security@ubc.ca. The Cybersecurity team will determine a plan to secure your account.

Make sure you log in to the online shopping accounts that you maintain and review your recent orders. If you notice a purchase that you didn’t make, contact the shopping website’s customer support immediately. While logged in to your account, remove any auto-fill payment card or credential settings associated with your account.

Contact your financial institutions and make them aware of the situation. They may be able to lock your account and assist you with the discovery of any unusual activity on your account. Be sure to also contact local law enforcement.

How to protect yourself from becoming a victim

Following these steps to the best of your ability will greatly contribute to your cyber safety:

