If You’ve Been Blast by Email, You Need to Do It Now
What if you woke up tomorrow and found hundreds of emails in your inbox—thank you emails for subscribing to your newsletter, for participating in forums, or for something you can’t even figure out because the emails are written in different languages? Emails that weren’t blocked by your spam filter because they aren’t technically spam – are they legitimate confirmation emails, just for things you didn’t actually sign up for?
If this happens to you, take note: you’re being email bombed, and there’s probably a good reason for it. And this reason does not suit you.
What is email bombing?
Email bombing, also known as “ opt-in bombing ,” is when you suddenly receive large numbers of emails—often hundreds—from different companies and websites at the same time. All of them confirm something you never initiated, and all of them are addressed to your real email address.
The e-bomb is created using automated scripts that find forums, newsletters and other sites on the Internet and enter your email address into them. Because this is an automated process, an attacker can get you to sign up for hundreds of similar sites in a matter of minutes—and receive hundreds of emails to you at the same time. The sheer volume of messages in an e-bomb can be overwhelming—and that’s the point. Because it is almost certainly designed to disorient you.
Why You May Be Electronically Bombed
When you receive an email bomb, there are three not-so-good reasons why this is happening to you:
-
Joke. The least alarming reason for an email bomb is that someone hates you and wants to make your life a little more miserable by forcing you to clean up your internet mess. It’s the digital equivalent of magazine subscriptions or having unwanted pizza delivered to your door.
-
Malicious links. Sometimes email bombs are used to trick you into clicking on malicious links hidden in the “unsubscribe” portion of the text . You receive a bunch of cryptic, unsolicited emails from legitimate companies or websites, so without thinking, you click “unsubscribe” and your computer is at risk.
-
Abstraction. This is the most likely and dangerous possibility. Someone has hacked your credit card or store account and made illegal purchases or made some changes to your accounts that they don’t want you to see. So they tend to hide these confirmations or alerts under hundreds of nonsense emails.
For example, this woman woke up one morning to see hundreds of emails in her inbox – and eventually realized that someone had used her credit card information to make a $1,300 purchase, and the email bomb had been designed to hide what what happened. Scammers hope you’ll just mark everything as spam and delete without paying close attention, missing important emails informing you about payments, changes to your accounts (such as passwords or two-factor settings), or other scams.
Bottom line: If you’re unexpectedly bombarded by an E-bomb, don’t think it’s a prank or a mistake—pretend you’re under attack.
What to do about electronic bombardment
If you’ve encountered an email bomb, there’s little you can do to stop it: your email has been entered into lists and databases, and the automated services that run those sites will continue to send you confirmations or newsletters until you opt out from subscription. If the script used by attackers to register you continues to work with your address, this can continue for a long time. If you can’t close the affected email, all you can do is mark it as spam and unsubscribe – on the website itself, not by clicking on a link in the emails.
You should also change all your passwords and set up as many additional security features as possible, including two-factor authentication, on as many accounts as possible. If someone is bombarding you with email, they may have compromised more than one aspect of your life.
You’ll also have to continually review emails as they come in because email bombs don’t always go off at the same time as a fraudulent charge or account intrusion. It can be tedious, but that’s why this tactic is used. If you give in and let critical emails slip through, you’re letting the scammers win.
Eventually the flow of emails will die down and whoever was targeting you will move on to someone else. As long as you don’t let the bomb distract you, you’ll be fine.