Rise of Email Bombing Attacks: Here’s What You Need to Know

Key Insights

Cyber criminals are increasingly using email bombing as a distraction tactic. They overwhelm individuals and organizations with a flood of emails while carrying out more serious attacks, such as stealing credentials or deploying ransomware. Understanding email bombing and how to prevent it is crucial as these attacks continue to rise.

Who should read this?

  • Individual users – Anyone who uses email can be affected by email bombing. It can flood your inbox, make it difficult to find important messages, and put your personal information at risk.
  • Organizations – Businesses and organizations should also be aware, as email bombing can disrupt operations and create additional security risks, like data breaches or unauthorized access to sensitive information.

The growing threat of email bombing

Email bombing is one of the most dangerous, yet underreported tactics used by cyber criminals. It involves overwhelming a victim’s inbox with a large volume of emails, making it difficult for them to spot important messages or alerts. This distraction allows attackers to carry out other malicious activities, such as stealing credentials, installing malware, or executing larger-scale attacks like ransomware or data breaches, often without being detected.

A recently emerging threat combines email bombing with fake IT support calls through Microsoft Teams. In these attacks, cyber criminals overwhelm the victim’s inbox with a large number of emails, often generated by automated bots, which makes it hard for the victim to spot important messages. While the victim is distracted, the attackers impersonate IT support through Microsoft Teams calls and convince the victim to install harmful software or give the attackers remote access to their computer.

Similarly, a few months ago, the U.S. Department of Health and Human Services issued an alert after email bombing attacks targeted the healthcare and public health sectors. These attacks aimed to hide important security messages, such as warnings about account compromises.

Why is email bombing risky?

  • Hard to spot important alerts: Email bombing fills the victim’s inbox with a large volume of messages, making it difficult to identify critical notifications. These could include security alerts, account changes, or transaction confirmations that may indicate fraud or unauthorized access.
  • It can lead to unauthorized access: Attackers use email bombing to distract victims while they steal login credentials, often through phishing emails or fake websites. Once they have the credentials, they can access accounts, make unauthorized purchases, or steal sensitive data.
  • It can lead to more serious attacks: Email bombing is often just the first step in a larger attack. After distracting the victim, attackers might try to gain remote access to the victim’s device or install harmful software like malware or ransomware.

How to stay safe?

For individual users

  1. Use strong email filters: Set up your email account to automatically sort emails into categories like spam, newsletters, or important messages. This helps prevent harmful emails, such as those with viruses or phishing scams, from reaching your inbox.
  2. Watch for unusual email activity: If you suddenly get a large number of emails in a short time or notice your email is slower than usual, it could be an email bombing attack. Be alert to these changes and contact the relevant authority through official channels if needed.
  3. Limit subscriptions to trusted sources: Periodically review and clean up your email subscriptions. Only subscribe to trusted, essential services and avoid signing up for more newsletters or email notifications than you need.

For organizations

  1. Monitor your email traffic: Use tools to keep track of incoming and outgoing emails in your organization. If there’s a sudden spike in email activity, it could be an email bombing attack. This lets you spot problems early and take action.
  2. Set up email filters for your organization: Make sure your email system has strong filters in place to automatically block harmful emails and only allow trusted senders to get through. Periodically update these settings to keep your email inbox safe.
  3. Create alerts for suspicious activity: Set up alerts to notify you if something unusual happens with your email. If you suddenly get too many emails or if emails look suspicious, you can quickly investigate and stop potential attacks.
  4. Keep filters and settings updated: Review and update your email security settings periodically to stay protected from new threats.
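
The spike monitoring and alerting described in steps 1 and 3 above can be sketched as a sliding-window check over inbound message records. This is an added example, not part of the original article; the record format, the thresholds, and the distinct-sender condition are assumptions chosen for illustration, and the sample data is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def detect_email_bombing(records, window=timedelta(minutes=10),
                         max_msgs=50, min_senders=20):
    """Flag recipients whose inbound mail spikes inside a sliding window.

    records: (iso_timestamp, recipient, sender_domain) tuples, e.g. parsed
    from a mail gateway message trace (this format is an assumption).
    Both thresholds are illustrative and need tuning to real baselines.
    """
    recent = defaultdict(deque)  # recipient -> (time, sender_domain) in window
    alerts = {}
    for ts, rcpt, sender in sorted(records):
        now = datetime.fromisoformat(ts)
        q = recent[rcpt]
        q.append((now, sender))
        while now - q[0][0] > window:  # drop messages older than the window
            q.popleft()
        senders = {s for _, s in q}
        # Require many distinct senders so one noisy system is not flagged.
        if rcpt not in alerts and len(q) >= max_msgs and len(senders) >= min_senders:
            alerts[rcpt] = {"window_start": q[0][0].isoformat(),
                            "alert_time": now.isoformat(),
                            "messages": len(q),
                            "distinct_senders": len(senders)}
    return alerts

def build_sample():
    """Constructed sample data: baseline traffic, one flood, one noisy system."""
    base = datetime(2025, 1, 15, 9, 0, 0)
    rows = []
    for i in range(24):  # baseline: one message every 10 minutes per user
        t = (base + timedelta(minutes=10 * i)).isoformat()
        rows.append((t, "alice@example.com", "partner.example"))
        rows.append((t, "bob@example.com", "vendor.example"))
    for i in range(120):  # flood: 120 messages to bob from 60 sender domains
        t = (base + timedelta(hours=2, seconds=3 * i)).isoformat()
        rows.append((t, "bob@example.com", f"list{i % 60}.example"))
    for i in range(80):  # noisy but benign: 80 alerts from a single sender
        t = (base + timedelta(hours=1, seconds=2 * i)).isoformat()
        rows.append((t, "carol@example.com", "monitoring.example"))
    return rows

if __name__ == "__main__":
    for rcpt, info in detect_email_bombing(build_sample()).items():
        print(f"ALERT {rcpt}: {info}")
```

An alert for a mailbox is also a cue to review that user's recent security notifications and sign-in activity, since the flood may be hiding them.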
