Hopefully, this has never happened to you. You open your email on Monday morning to find you’re bombarded with “Thank you for your subscription!” emails in all different languages - from all different newsletters you never signed up for. It’s called a “Subscription Bomb,” and while not as prominent as some recent phishing scams, our expert techs have helped clients who have been bombed to mitigate their risk of loss and configure their email settings to fight off future attacks.
Why should you be aware of this hack? Getting thousands of unsolicited emails is annoying enough, but this suspicious activity might even be a cover-up for a larger, more costly security breach.
Subscription Bombing 101
Hackers enable bots that use your email to sign up for subscriptions to online sites like foreign email newsletters that don’t require CAPTCHA answers or a two-step opt-in process. As these unwanted subscriptions are processed, the victim’s inbox gets bombarded with notification emails. While at first glance the emails appear completely random, there are a few traits that characterize this type of spam.
Besides the incredible volume of emails that will arrive in one day, there are a few other indicators hidden within these suspicious emails.
- The senders are different, likely coming from various free mail providers.
- The IPs are all different, often from many different countries.
- The content of the emails often contains some randomized words or gibberish.
- The emails don’t contain any links, graphics, or ads.
- The emails arrive at a furious rate and then suddenly stop.
Hackers will deploy the bots and fire off the emails right before the real attack occurs. After completing their illegal activity, they’ll shut it down and move on to another mark.
How Subscription Bombs Attempt to Cover A Real Crime
When a hacker steals your personal information, they’ll often attempt to open new credit card accounts in your name or transfer your funds to make fraudulent purchases. What hackers can’t control are the automated emails sent from reliable vendors that show you purchase receipts, balance transfer updates or notifications that your account settings have changed.
While hackers can’t stop retailers, banks, and security clients from communicating recent activity, they can try to keep you from ever seeing it by “bombing” your inbox with so much junk you miss something important.
The “subscription bomb” tactic is similar in practice to a DDoS attack - except instead of flooding the bandwidth of an operating system, this attack floods your inbox - making it nearly impossible to read or send emails while the spam messages keep piling up.
Heavy Subscription Spam is a Warning Sign Your Personal Data Might Be Compromised.
If you start receiving thousands of suspect emails (it could be as many as 60,000 in a 24-hour period), thieves may already have your identity and personal information, so don’t just select and delete. Get ready to investigate.
“It can be a screen for another attack. Subscription bombing works because of its distributed nature. Mail coming from 1000 different sources won't trigger the same protections as 1000 messages from one source,” says Matt Snider, an IT Support Engineer at PTG.
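A triage sketch for the investigation step above, added here as an example and not part of the original post: it locates the burst using the traits listed earlier (high volume, many different senders, a sudden start and stop) and pulls out account-activity mail that arrived around it. The message fields, subject patterns and thresholds are assumptions, and the mailbox is constructed sample data.

```python
from collections import Counter
from datetime import datetime, timedelta
from email.utils import parseaddr
import re

# Assumed subject patterns (not from the article); tune to your vendors and languages.
SIGNUP = re.compile(r"subscri|newsletter|welcome|confirm your", re.I)
ACCOUNT = re.compile(r"receipt|order|password|transfer|account settings", re.I)

def domain(msg):
    return parseaddr(msg["from"])[1].rpartition("@")[2].lower()

def find_burst(msgs, window=timedelta(hours=1), min_count=50, min_domains=25):
    """Return (start, end) of the busiest window with many distinct senders, else None."""
    msgs = sorted(msgs, key=lambda m: m["time"])
    seen, lo, best = Counter(), 0, None
    for hi, m in enumerate(msgs):
        seen[domain(m)] += 1
        while m["time"] - msgs[lo]["time"] > window:  # slide the window forward
            seen -= Counter([domain(msgs[lo])])       # in-place subtract drops zero counts
            lo += 1
        n = hi - lo + 1
        if n >= min_count and len(seen) >= min_domains and (not best or n > best[0]):
            best = (n, msgs[lo]["time"], m["time"])
    return (best[1], best[2]) if best else None

def buried_notifications(msgs, burst, pad=timedelta(hours=6)):
    """Account-activity mail near the burst that is not signup noise: read these first."""
    start, end = burst[0] - pad, burst[1] + pad
    return [m for m in msgs if start <= m["time"] <= end
            and ACCOUNT.search(m["subject"]) and not SIGNUP.search(m["subject"])]

def sample_mailbox():
    """Constructed data: 60 signup confirmations in 30 minutes hiding one bank alert."""
    t0 = datetime(2024, 1, 8, 9, 0)
    box = [{"time": t0 + timedelta(seconds=30 * i),
            "from": f"News <noreply@list{i}.example>",
            "subject": "Thank you for your subscription!"} for i in range(60)]
    box.append({"time": t0 + timedelta(minutes=12), "from": "Alerts <alerts@bank.example>",
                "subject": "Balance transfer confirmation"})
    box.append({"time": t0 - timedelta(days=2),
                "from": "colleague@corp.example", "subject": "Meeting notes"})
    return box

if __name__ == "__main__":
    box = sample_mailbox()
    for m in buried_notifications(box, find_burst(box)):
        print(m["time"], m["from"], m["subject"])
```

Run it over an export of message metadata (time, From, Subject) before bulk-deleting anything, so the receipts and account-change notices inside the flood are reviewed first.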
In Part 2 of this Blog Series You'll Learn Some Email Security Best Practices and What to Do If You Get Caught On the Receiving End of a Subscription Bomb.