JUNE 1, 2024 -- Imagine checking your email to find that your inbox has been bombarded with over 1000 emails from various online websites and services asking you to confirm that you signed up for their mailing lists. These usual- ly aren’t from dangerous websites - they are often from places like your favorite store or restaurant, a sign-up list from your favorite musician, or even schools, cities, and newspapers.
This is called List Bombing or Subscription Bombing and is a popular email scam tactic. This type of scam is not usually a malicious scam like a computer virus would be, but just an annoyance, or a nuisance type of scam. Sadly, there is no way to prevent anyone from using any email address to subscribe to something.
How it works is basic. Cyber criminals take your email address and use it to sign you up for subscriptions to online sites without your consent. Then in return, you receive an email back asking you to click to confirm that you subscribed to their list, or actually confirming the subscription. Your inbox then fills up with these confirmation notifications, obscuring real emails that get mixed in with the nuisance messages. What makes this attack successful is the fact your email address is used to sign up for legitimate mailings - so email providers don’t know they’re supposed to block them.
The attacker can do this one site at a time, or by using a bot, such as Mailbait, which signs up an email address on thousands of websites in one click. When this happens, in most cases your computer and passwords have not been compromised and your email has not been hacked. But, in some cases, this is a technique scammers will use to try and disguise suspicious activity.
The scam can originate anywhere - all they need is an email address and the want to inconvenience you. Anyone who knows your email address can do this. It is designed to overwhelm you so you can’t focus on any real email. Often times, these types of attacks are random and after completing their scam, they’ll quickly move on to another mark. But they could also come from somebody harboring ill will against you and can even continue on and off over time. But in most cases, eventually the attack will stop.
What’s the solution?
Abandon your email address and get a new one or get a second/new email address while you sort out the mess. This is an easy way to get the messages to stop but is also inconvenient as it means changing your email address everywhere and with everyone who has it.
1) Set-up aggressive email filters to automatically block or delete the messages or send them to another folder. This way, your inbox is no longer cluttered.
2) Delete all the messages as they come in until they stop. But realize that the scammer’s goal may be to distract and prevent the victim from noticing any important emails, while they try to hack into other on- line accounts, commit fraud, or steal something valuable.
3) Check the email headers to see if there is any identifying information or details about the source of the emails. This may not always provide direct information about the person, but it can give insight into the email’s origin.
Go through each message and unsubscribe from the lists. This is time-consuming and can easily become more overwhelming than the messages themselves. Remember though, that it also confirms that the email address is active, thus opening up to future scams.
Use this time to check privacy and security set- tings. It is wise to check to make sure that your email address has not been breached and is not on any dark web databases. Services like Google Security Check are great for this task. This is also a good excuse to update your password to something new and unique, and set-up two-factor authentication where available.
|