Email Security Intelligence - Distributed Spam Attacks and Email Bombers

Email bombs are a type of Denial of Service (DoS) attack where victims encounter a flood of messages quickly filling up their inbox until it renders the victim’s mailbox useless. The bomb is typically designed to distract the user from the fact their information has been compromised and used for fraudulent activity.

This type of email attack is particularly difficult to defend against as automated bots are used to subscribe an email address to several lists per second. This article will discuss methods for surviving an email bomb attack, as well as ways to prevent an attack from occurring.

What Are Email Bomb Attacks?

Email bombings are commonly used to hide important notifications about account activity from victims in order to make fraudulent online transactions. Spamming the inbox distracts from the real damage that’s going on behind the scenes. An email bomb uses a denial of service attack (DoS) against an email server, as a means to render email accounts unusable or cause network downtime.

Attackers may attempt to gain access to online shopping accounts and purchase expensive products, make fraudulent transactions on the victims’ dime, and render domain owners’ email addresses useless. Email bombs are also not necessarily a one-time event, with all emails being received as part of a single incident, but a recurring, regular event using legitimate email services, such as newsletter subscriptions. Email bombs started in the late 1990s with journalists commonly being the target of email bombing campaigns as an act of aggression in response to their critical articles. Anyone can be a victim, however, including government officials, policymakers, emergency coordinators, healthcare providers, and many others.

Modern mail bombs are more sophisticated and can overpower most spam filters, devastating employees’ email inboxes and disrupting an organization’s communication. The methods of an email bombing attack vary; however, most attacks will manipulate newsletter sign-ups from legitimate websites. The email bombers employ automated bots that scour the web in search of newsletter sign-up forms that don’t require live-user authentication.

Once the email bomb order is placed, scheduled, and begins, the bots will sign a recipient up for several newsletters in one sitting, generating thousands of emails in the victim’s inbox that don’t stop until the user is unsubscribed from each individual newsletter or service.

The Price of Attacks For Hire

Once a victim is attacked, they are often added to additional spam, phishing, and malware lists by malicious actors. Attackers maintain these lists of vulnerable sites, advertise on the Dark Web, and set a price for others to purchase their services. Sellers will request the email address and desired start time for the email bomb, and unfortunately, there is an excessive number of sellers and marketplaces on the Dark Web willing to cater to anyone looking to email bomb someone.

The price of email bombs may vary; however, a typical seller charges around $15 per 5,000 messages, and most sellers offer price breaks for higher quantities, such as $30 for 20,000 messages.

In The Event of An Email Bomb

Preventing an email bomb attack presents challenges as any user with a valid email address can spam any other address. Because of this, it’s important your organization is prepared for an attack or is aware of the proper steps to take in the middle of an attempt.

Preparing For An Attack

  • Newsletter owners should implement required registration confirmation to prevent their newsletters from being abused.
  • Ensure email delivery software is up-to-date, patched, and includes antivirus.
  • Consider blocking file attachments used in email bomb attacks, such as .zip, .7zip, .exe, and .rar.
  • Limit the maximum email attachment file size.
  • Ensure out-of-office, bounce back, and other automatic messages are only sent once to prevent an endless loop of recurring automatic replies.
  • Limit send permissions so only internal and authorized users may send to distribution lists.
  • Implement security tools like multi-factor authentication for passwords, and never use the same password twice.
  • Implement an email security provider that's equipped to protect against attacks, and has a significant relationship with their client to understand typical mail flows as well as identify attacks.
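
For the first item in the list above, required registration confirmation, here is one way a newsletter owner could implement it. This is an added example, not code from the article; the class name, key, token lifetime and one-hour resend limit are assumptions. An address is subscribed only after its owner returns a signed token, and repeated form posts for the same address produce no extra mail.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # placeholder; load from a secret store in practice
TOKEN_TTL = 24 * 3600              # confirmation link lifetime in seconds (assumed)
RESEND_INTERVAL = 3600             # one confirmation mail per address per hour (assumed)

class SignupList:
    """Hypothetical double opt-in store for a newsletter sign-up form."""

    def __init__(self):
        self.confirmed = set()
        self.last_mail = {}        # address -> time the last confirmation mail was sent

    def _sign(self, address, expires):
        data = f"{address}|{expires}".encode()
        return hmac.new(SECRET, data, hashlib.sha256).hexdigest()

    def request(self, address, now=None):
        """Handle a form post. Returns a token to mail, or None if nothing is sent."""
        now = time.time() if now is None else now
        address = address.strip().lower()
        if address in self.confirmed:
            return None
        if now - self.last_mail.get(address, float("-inf")) < RESEND_INTERVAL:
            return None            # repeated bot submissions generate no further mail
        self.last_mail[address] = now
        expires = int(now) + TOKEN_TTL
        return f"{expires}.{self._sign(address, expires)}"

    def confirm(self, address, token, now=None):
        """Subscribe only when a valid, unexpired token comes back from the mailbox."""
        now = time.time() if now is None else now
        address = address.strip().lower()
        try:
            expires_s, sig = token.split(".", 1)
            expires = int(expires_s)
        except ValueError:
            return False
        expected = self._sign(address, expires)
        if expires < now or not hmac.compare_digest(sig.encode(), expected.encode()):
            return False
        self.confirmed.add(address)
        return True
```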

What To Do In The Middle of An Attack

  • Install a spam filter instead of simply deleting emails en masse.
  • Critical inboxes for your organization should use failover services and notifications to protect against important emails being deleted.
  • Use a bulk mail filter to help stop subscription-based emails from landing in the inbox by adding the newsletters to your approved sender’s list.
  • Use custom spam filters to help block emails that contain words like “confirmation,” “subscription,” or “confirm.”
  • Make sure that online passwords are changed and that all of your organization’s online accounts are secured with multi-factor authentication.
  • Look for suspicious activity such as unauthorized withdrawals or purchase confirmation emails that may not have been noticed in the attack before deleting any emails.
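
The keyword filter and the "look before deleting" step above pull in opposite directions, because a purchase confirmation also contains the word "confirmation". The following added example (not from the article) sorts a mailbox so that account-activity notices are set aside for review before bulk mail is filtered; the account phrases and the sample messages are constructed assumptions.

```python
import email
import re
from email import policy

# Words the article suggests filtering on.
SUBSCRIPTION_RE = re.compile(r"\b(confirmation|subscription|confirm)\b", re.I)
# Assumed phrases that indicate real account activity; tune for your own services.
ACCOUNT_RE = re.compile(
    r"\b(your order|order confirmation|purchase|payment|withdrawal|"
    r"transaction|receipt|password (changed|reset))\b", re.I)

def classify(raw: str) -> str:
    """Return 'review', 'bulk' or 'other' for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    text = f"{msg['Subject'] or ''}\n{part.get_content() if part else ''}"
    # Account notices are checked first: "purchase confirmation" also matches
    # the subscription words, and a plain keyword filter would bury it.
    if ACCOUNT_RE.search(text):
        return "review"
    if msg["List-Unsubscribe"] or SUBSCRIPTION_RE.search(text):
        return "bulk"
    return "other"

def triage(raw_messages):
    """Group message subjects by verdict so 'review' is read before any deletion."""
    groups = {"review": [], "bulk": [], "other": []}
    for raw in raw_messages:
        subject = email.message_from_string(raw, policy=policy.default)["Subject"]
        groups[classify(raw)].append(str(subject))
    return groups

def _msg(subject, body, extra=""):
    return f"From: a@example.test\nTo: victim@example.test\nSubject: {subject}\n{extra}\n{body}\n"

# Constructed sample mailbox (not real traffic).
SAMPLE = [
    _msg("Please confirm your subscription", "Click to confirm."),
    _msg("Weekly digest", "News.", "List-Unsubscribe: <mailto:u@example.test>\n"),
    _msg("Purchase confirmation #1001", "Your order has shipped."),
    _msg("Lunch on Friday?", "Are you free at noon?"),
]

if __name__ == "__main__":
    for verdict, subjects in triage(SAMPLE).items():
        print(verdict, subjects)
```

False positives in the "review" group are the safe direction here: a newsletter that mentions a payment costs a glance, while a missed withdrawal notice is the outcome the flood is meant to produce.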

The Bottom Line

Email bombing is an attack that devastates productivity and sometimes only becomes apparent once it's already too late to act. Email may continue to remain a useful business tool for those that rely on it, but it is critical that you strengthen your defenses against emerging attacks. One of the most effective ways to enhance your organization’s email security is to implement an innovative, fully-managed supplementary email security solution capable of safeguarding your users, your data, and your brand against sophisticated and dangerous attacks. Instituting employee cybersecurity training is also crucial to safeguarding data and defending against damaging, costly cyberattacks and breaches.
