Spam Bomb

We all have to deal with a certain amount of spam. But if you notice a sudden and major uptick in the spam coming to your inbox, pay attention! This could be a spam bomb. This is a smokescreen tactic used by cybercriminals to hide what they’re doing

The strategy is this: A bad guy plans to access a victim’s email or financial account. Before, during, and after he commits his crime, he uses the victim’s email address to sign up for a lot of subscriptions, mailing lists and spam. The result is very clever. When the crook changes the password on the stolen account, or makes a big purchase using the victim’s credentials, an email confirmation is sent out. But that important email is going to get lost in the deluge of junk, also arriving at the same time.

This obfuscation technique works. Many people will open their inbox, see the mountain of spam, and simply delete everything. And in doing so, they will miss the one crucial notice that they need. They will unknowingly nix the legitimate message, that says “If you didn’t authorize this change…”.

spam bomb

What to Know and Do

A spam bomb attack is especially delicate to deal with, because so many of us are ready to mistrust every unexpected email. With good reason! It is far more common to get a phishing email or clever fake than it is to get a real, critical warning message.

If you have reason to think you have an spam bomb to deal with, please:

  • Know that it is safe to open and read your email messages. Just avoid clicking links and do not open attachments. Links and attached files are where the danger may lay.
  • Delete or Mark-as-Spam any message you are sure you don’t need. Don’t unsubscribe.
  • If you come across a message that might be legitimate and worth acting on, pause and back away from that email. Try to verify it from outside the message, by calling a number on a printed statement or going to a trusted website in a separate browser tab.
  • Never call a phone number in a suspicious email. Never reply to any fishy message.
  • Change passwords and turn on 2FA for any accounts you are concerned for, again without using any email you may have received. Deliberately open a new tab and type in the website/URL you want to visit to start any security-related changes.
  • Be alert that the distraction could be more advanced than it appears. Example: 20 spam emails arrive at 9AM, then a remote control scammer calls you at 9:30AM, claiming & pretending he can fix your spam problem!

All that said, there is no foolproof manual that I can write that will cover all scam tactics. If you get any email that you’d like an opinion on, I welcome you to forward it to me. I’ll write you back with a candid opinion. Be safe out there!

Leave a Comment