Email Bombing - Scammers are trying to distract you
By Dean Thompson
You look at your inbox and all of a sudden you have 100, 200, 500, 600 emails within a matter of minutes. Most of these emails are coming from listservs that you have never heard of, and a lot of them will be in languages you don’t speak.
I was the lucky recipient of this several weeks ago, not long after I posted the first article on scammers, so it’s probably no coincidence. You just never know. All in all I received well over 600 emails initially that night with another few hundred over the evening. To make it worse, it was right before I was headed off to bed. So instead of getting ready to relax, my heart is pounding and I’m in front of my computer trying to figure out what they are trying to hide.
You see, email bombing is used by scammers, hackers and outright thieves. They are doing something with one of your accounts and know that what they are doing is going to send you a legitimate email about their activity. Their hope is that you are inundated with so many email messages that you miss the legitimate one you need to pay attention to. They have access to an online account, usually something finance-related, and they want to hide the notifications from the bank, credit card provider, merchant, etc. telling you a change is being made to your account.
When this happens, don’t panic. In fact, panic is the last thing you want to do. You need to relax and start looking at every single email you received. You will quickly be able to see the ones that are from these listservs and can select several of them at a time and put them in either your archive folder or a temporary folder. I recommend you do not initially delete them. The reason I say that is you might want to go back and double-check them until you know you have resolved the issue they are trying to hide. Somewhere among all of these emails you will find one telling you something like your email address has changed for that account or you have turned off certain notifications on the account. This is the one you have to take immediate action on.
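One way to automate the first pass of that sorting, as an added example that is not part of the original article: it sets aside mail carrying mailing-list headers, surfaces anything that reads like an account-change notice, and deletes nothing. The phrase list, the sample messages and the `.example` addresses are constructed assumptions.

```python
import email
from email import policy

# Assumed phrase list for account-change notices; extend it for your own providers.
ALERT_PHRASES = (
    "email address has changed", "email address was changed",
    "password was changed", "password has been reset",
    "notifications have been turned off", "alerts have been turned off",
)
# Headers that mailing-list software adds to its mail (RFC 2369, RFC 2919).
LIST_HEADERS = ("List-Unsubscribe", "List-Id", "List-Subscribe")

def classify(raw):
    """Return 'act_now', 'archive' or 'check_manually' for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = (str(msg["Subject"] or "") + "\n" + (body.get_content() if body else "")).lower()
    # An alert phrase wins even when list headers are present, because some
    # providers send security notices through bulk-mail systems.
    if any(phrase in text for phrase in ALERT_PHRASES):
        return "act_now"
    if any(msg[h] is not None for h in LIST_HEADERS):
        return "archive"  # moved aside for later review, never deleted
    return "check_manually"

def triage(raw_messages):
    """Sort raw messages into buckets of (sender, subject) pairs."""
    buckets = {"act_now": [], "archive": [], "check_manually": []}
    for raw in raw_messages:
        msg = email.message_from_string(raw, policy=policy.default)
        buckets[classify(raw)].append((str(msg["From"]), str(msg["Subject"])))
    return buckets

# Constructed sample flood: two list sign-ups, one real alert, one personal mail.
SAMPLE_FLOOD = [
    "From: news@list-one.example\nSubject: Confirmez votre inscription\n"
    "List-Unsubscribe: <mailto:leave@list-one.example>\n\nCliquez pour confirmer.\n",
    "From: alerts@cardprovider.example\nSubject: Your profile was updated\n\n"
    "The email address has changed for your account.\n",
    "From: hello@list-two.example\nSubject: Welcome to our newsletter\n"
    "List-Id: <weekly.list-two.example>\n\nThanks for signing up.\n",
    "From: friend@personal.example\nSubject: Dinner on Friday?\n\nAre you free?\n",
]

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_FLOOD).items():
        print(bucket, items)
```

Anything in `check_manually` still needs a human look, and an empty `act_now` bucket does not prove that no account was changed.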
For me, they were in my credit card account which was very disturbing. It wasn’t someone who had my credit card number making fraudulent charges, they were in my actual online account and turning off all charge notifications I had turned on as well as the email address any notifications would go through.
If this happens to you, do the following:
- Log into your account and reset your password
- Turn on 2-factor authentication if it is provided (in this case the credit card provider did not provide it)
- Call the phone number on the back of the credit card to have the card cancelled and re-issued
- Do NOT Google the credit card company’s phone number or try to look it up online. Scammers pay well for search ads and SEO, so the right thing is to use the number on the back of the credit card
Despite me using incredibly complex passwords and a personal password manager to help with that, someone got into my account. When I log into this account, I do it very purposely so I do not think I logged into a fake website to give the credentials. I suspect it was someone on the inside of the credit card company. I won’t mention who it was as I’m working with them on the case currently and I don’t want to badmouth a bank for one bad actor until they have had the chance to see what happened. I do think they need to offer 2-factor and hopefully this will get them to do that.
This particular issue is really annoying because it causes a lot of work on your side. Luckily, a lot of listservs are getting better at requiring you to verify your email before setting up the account, so as long as you don’t verify, you don’t hear from them any longer. Also, the attackers don’t go to the length of establishing logons, so you don’t have to deal with actual accounts.
As always, please share with your friends and colleagues and repost so we can educate everyone about these kinds of things. #scammers #emailbombing #retiresec