"You've Got Mail"; a lot of spam...
- Wilfried van Haeren

- Oct 30, 2023
Updated: Nov 28, 2023
Protecting Your Inbox from SPAM and Your Wallet

Introduction
Email has become an indispensable part of our lives in today's digital age. Whether for personal communication or business purposes, it's a medium we rely on daily. However, a recent incident with two of our customers highlighted a disturbing issue that inundated their email accounts with thousands of emails per hour and masked a more sinister problem: credit card fraud.
In this blog post, we will delve into why users receive these subscription email bombs, how they are leveraged to cover up credit card fraud, and what steps to take if you ever find yourself in a similar situation. We will also discuss preventive measures to ensure your digital security.
The Email Subscription Bomb: Unmasking the Real Threat
An email subscription bomb, or a subscription attack, is a cyberattack where a perpetrator floods an email account with many unwanted email subscriptions. This flood of emails can overwhelm the recipient's inbox, causing email service disruption and hampering day-to-day operations. However, the real danger lies in the fraudulent intention behind these attacks.
In a few recent cases reported to us for investigation, the subscription email bomb was used as a diversion. The attackers used this tactic to mask the incoming purchase confirmations related to credit card fraud. By overloading the victim's email account with subscription emails, they created a smokescreen to prevent the victim from noticing the unauthorized purchases made with their credit cards.
Fraudulent Credit Card Payment as Root Cause of a Subscription Email Bomb
Credit card fraud is the real reason behind this kind of attack. The thieves, having gotten hold of the combination of credit card information and email address, start to 'shop' and hide their tracks: any email confirmation of a purchase is swamped by thousands of unsolicited (spam) emails.
So what about SPAM filters?
While spam filters have traditionally been our first line of defence against email spammers, these attackers have grown craftier, making it increasingly challenging for these filters to detect and block their malicious content.
And Greylisting?
To compound the issue, even greylisting, a common anti-spam technique, has proven ineffective. Greylisting challenges email senders (fraudulent ones are typically bots) to resend an email as verification of trust. This can be an effective strategy for combating spam, as many spammers do not bother with the resend process. However, subscription email bomb attackers have tried to circumvent greylisting by automating attacks and constantly resending fraudulent subscriptions.
As a result, the consequences for end-users caught in the crossfire of these attacks have grown more severe, often leading them to abandon their email addresses to escape the clutches of relentless attackers.
The Harsh Reality for the Honest Email Account Owner
The consequences of these evolving subscription email bomb attacks are dire for the email owner. When inboxes are flooded with thousands of spam emails, the resulting chaos can disrupt daily life and productivity. We've even seen the company's email servers slow down in handling legitimate emails.
Sorting through a sea of unwanted emails becomes arduous and time-consuming, making it difficult to focus on essential emails and easy to miss crucial communications.
In some cases, users may have to abandon their email addresses to escape the relentless onslaught. They have to create a new email account, causing inconvenience as they update their contacts, subscriptions, and services tied to the old address. While effective in the short term, this solution is not sustainable and may disrupt personal and professional connections. In other cases, the email flooding subsides and regular email traffic resumes.
The Key Steps to Take When You're a Victim
As subscription email bomb attacks evolve, individuals and organizations must stay vigilant and adapt their email security practices.
Combining robust spam filters, user education, and other email security measures can help mitigate the risks. While these attacks may be growing in sophistication, with the right strategies and awareness, email users can better defend against the relentless tide of subscription email bomb attacks without abandoning their email addresses.
If you suspect you have fallen victim to a subscription email bomb or any other email attack, it's essential to act swiftly to protect your digital security.
Block your cards. As these subscription scams are likely part of a credit card fraud, immediately contact your bank to have your credit cards put on pause or cancelled.
Change your email address. Once you are a victim, you may have to abandon your email address, at least for a while until the 'storm' dies out.
Please do NOT start to UNSUBSCRIBE from these distribution emails, as it will inform the bot sending these emails that your email address is active, resulting in potentially more emails.
Secure your email account. As the subscription bombing may also be used to hide an email account takeover, change your email account password immediately, creating a robust and unique password, and enable two-factor authentication (2FA) for an added layer of security.
What happened to the two cases?
We secured the user's email data and set them up based on our best practices. In parallel, we accessed the log files containing these thousands of emails on day 1. Running scripts and queries, we found the email confirmations for purchases of tablets, laptops and retail store items. We contacted each store and discovered that, unfortunately, some items had been picked up, while others were declined at pickup because the thieves showed fake IDs. Good on the store employees for being so vigilant!
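The kind of triage described above can be sketched as follows. This is an added example, not the scripts used in the investigation: the sample messages are constructed, and the keyword patterns and scoring thresholds are assumptions that would need tuning against a real mailbox export.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not taken from the cases described in this post).
SAMPLE_MAILBOX = [
    "From: News <news@list.example.net>\nSubject: Please confirm your subscription\n"
    "List-Unsubscribe: <mailto:unsub@list.example.net>\n\nClick to confirm.",
    "From: Shop <orders@store.example.com>\nSubject: Your order #1001 is ready for pickup\n\n"
    "Order total: $1,299.00 charged to card ending 4242.",
    "From: Forum <noreply@forum.example.org>\nSubject: Welcome to our newsletter!\n"
    "List-Unsubscribe: <https://forum.example.org/u>\n\nThanks for signing up.",
    "From: Pay <receipts@pay.example.com>\nSubject: Payment receipt\n\n"
    "We received your payment of $89.50.",
    "From: Deals <deals@promo.example.net>\nSubject: Order now and save 20%\n"
    "List-Unsubscribe: <mailto:u@promo.example.net>\n\nNewsletter sign-up confirmed.",
]

# Assumed wording for sign-up noise and for transactional mail.
SIGNUP = re.compile(r"confirm your (subscription|email)|welcome to|newsletter|sign(ing)?[- ]up", re.I)
PURCHASE = re.compile(r"\border\s*#?\d+|receipt|invoice|payment of|charged to|ready for pickup", re.I)
AMOUNT = re.compile(r"[$€£]\s?\d[\d,]*\.\d{2}")

def triage(raw_messages):
    """Split a flooded mailbox into sign-up noise and likely purchase confirmations."""
    purchases, noise = [], 0
    for raw in raw_messages:
        msg = message_from_string(raw)
        subject = msg.get("Subject", "")
        body = "" if msg.is_multipart() else msg.get_payload()
        text = f"{subject}\n{body}"
        score = 0
        score += 2 if PURCHASE.search(text) else 0
        score += 1 if AMOUNT.search(text) else 0
        # A bulk-mail header combined with sign-up wording marks typical bomb traffic.
        score -= 2 if msg.get("List-Unsubscribe") and SIGNUP.search(text) else 0
        if score >= 2:
            purchases.append((parseaddr(msg.get("From", ""))[1], subject))
        else:
            noise += 1
    return purchases, noise

if __name__ == "__main__":
    hits, noise_count = triage(SAMPLE_MAILBOX)
    print(f"{noise_count} sign-up messages set aside; review these first:")
    for sender, subject in hits:
        print(f"  {sender}: {subject}")
```

Every surfaced message should be checked against the card statement, since a fraudulent purchase may produce no confirmation email at all.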
In Conclusion
Email subscription bombs are a growing concern due to their disruptive nature and potential to hide more severe cybercrimes like credit card fraud. You can safeguard your digital identity and financial assets by taking immediate action when you suspect an attack and implementing robust security measures.
Contact us at Hexaport to learn how we can help build a better email screening profile for your business. https://www.hexaport.io or call us at +1-519-602-4414.



