Hopefully, you’ve never run into this problem, but if you have and you’re looking for answers... Welcome. Refreshments are on the left.
One day you open your email to find that you’re bombarded with “Thank you for your subscription!” messages in all sorts of different languages from every corner of the internet. You obviously couldn’t have done this, nor would you have, but the subscriptions exist regardless.
This is called a “Subscription Bomb,” also known as “List Bombing,” and while it is not as prominent as some other phishing scams, you are definitely not alone in asking what to do when you’re the victim of a subscription bomb attack. Our expert techs have recently helped clients who have been bombed to mitigate their risk and configure their email settings to fight off future attacks.
As we’ve noted before, nearly every business on the planet is likely to fall into the crosshairs of some bad actors. Getting thousands of unsolicited emails is annoying enough, but this suspicious activity might even be a cover-up for a larger, more costly security breach you could be ill-equipped to handle.
What Exactly Is Subscription Bombing & More
The basics are fairly simple. Cyber criminals, taking aim at an organization for any number of reasons, enable bots that use your email to sign up for subscriptions to online sites like foreign email newsletters that don’t require CAPTCHA answers or a two-step opt-in process. As these unwanted subscriptions are processed, the victim’s inbox gets bombarded with notification emails.
While the emails appear completely random at first glance, a few traits characterize this type of spam. Besides the incredible volume of emails that will arrive in one day, there are a few other indicators hidden within these suspicious emails.
How to identify subscription-bomb emails:
- The senders are all different, likely coming from various free mail providers.
- The IPs are all different, often from many different countries.
- The content of the emails often contains some randomized words or gibberish.
- The emails don’t contain any links, graphics, or ads.
- The emails arrive at a furious rate and then suddenly stop.
Threat actors will deploy the bots and fire off the emails right before the real attack occurs. After completing their illegal activity, they’ll shut it down and move on to another mark.
How Subscription Bombs Attempt to Cover A Real Crime
While the Subscription Bomb is clearly an annoyance and poses a real problem to the recipient, this isn’t the end of the road – or the threat.
When a cyber criminal steals your personal information (PII), they’ll often attempt to open new credit card accounts in your name or transfer your funds to make fraudulent purchases. What they can’t control are the automated emails sent from reliable vendors that show you purchase receipts, balance transfer updates, or notifications that your account settings have changed.
While these bad actors can’t stop retailers, banks, and security clients from communicating recent activity, they can try to keep you from ever seeing them by “bombing” your inbox with so much junk you miss something important.
The “subscription bomb” tactic is similar in practice to a DDoS attack, except that instead of flooding the bandwidth of an operating system, this attack floods your inbox, making it nearly impossible to read or send emails while the spam messages keep piling up.
Heavy Subscription Spam is a Warning Sign
If you start receiving thousands of suspect emails (it could be as many as 60,000 in a 24-hour period), thieves may already have your identity and personal information, so don’t just select and delete. If you have IT resources, this would be the time to get them involved.
“It can be a screen for another attack. Subscription bombing works because of its distributed nature. Mail coming from 1000 different sources won't trigger the same protections as 1000 messages from one source.”
- Reed Wilson, CEO at PTG
What to Do If You Get Email Subscription Bombed
Here are some ideas about what to do if you get subscription bombed:
- If subscription bombing happens to one of your email accounts, leave the emails where they are and check for other suspicious activity before deleting any messages.
- Contact your financial institutions to see if any unauthorized purchases have been made using your account information and avoid accessing any personal information over unencrypted or public Wi-Fi until you know you are in the clear.
- Do an internet search of your email address to see if it appears on any unwanted subscription sites or lists. If you find it somewhere you did not authorize, work with the site's owner to unsubscribe and have all records of your email removed from their site.
- Reconfiguring your email spam filters will reduce some unwanted emails in the future, but it is nearly impossible to block every email triggered by a subscription bomb.
- What makes this attack successful is the fact your email address is essentially used to sign up for legitimate mailings - so even the most secure email providers don’t know they're supposed to block them.
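One way to apply the indicators and the "check before deleting" advice above, as an added example that is not from the original article: it finds the burst by counting distinct sender domains in a sliding window, then surfaces mail inside that burst from senders the mailbox already knew. The message dictionaries, the threshold of 20 distinct domains per hour, and the sample mailbox are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Assumption: each message is a dict with "from", "received" (datetime), "subject".
def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def find_burst(msgs, window=timedelta(hours=1), min_domains=20):
    """Return (start, end) of the span where >= min_domains distinct sender
    domains arrive within one sliding window, or None if there is no burst."""
    msgs = sorted(msgs, key=lambda m: m["received"])
    in_window, lo, start, end = Counter(), 0, None, None
    for m in msgs:
        in_window[domain(m["from"])] += 1
        while m["received"] - msgs[lo]["received"] > window:
            old = domain(msgs[lo]["from"])  # oldest message leaves the window
            in_window[old] -= 1
            if not in_window[old]:
                del in_window[old]
            lo += 1
        if len(in_window) >= min_domains:
            start = start or msgs[lo]["received"]
            end = m["received"]
    return (start, end) if start else None

def triage(msgs, **kw):
    """Return (burst, keep): keep is burst-window mail from domains seen before the burst."""
    burst = find_burst(msgs, **kw)
    if burst is None:
        return None, []
    start, end = burst
    known = {domain(m["from"]) for m in msgs if m["received"] < start}
    keep = [m for m in msgs if start <= m["received"] <= end
            and domain(m["from"]) in known]
    return burst, keep

def sample_mailbox():
    """Constructed data: an old bank notice, a 40-sender flood, one new bank notice."""
    t0 = datetime(2024, 3, 1, 9, 0)
    box = [{"from": "alerts@bank.example", "received": t0 - timedelta(days=7),
            "subject": "Your monthly statement"}]
    box += [{"from": f"news@list{i}.example", "received": t0 + timedelta(seconds=30 * i),
             "subject": "Thank you for your subscription!"} for i in range(40)]
    box.append({"from": "alerts@bank.example", "received": t0 + timedelta(minutes=10),
                "subject": "Your account settings have changed"})
    return box

if __name__ == "__main__":
    for m in triage(sample_mailbox())[1]:
        print("review first:", m["received"], m["from"], m["subject"])
```

The From domain can be forged, and a notice from an institution the mailbox has never heard from will not appear in `keep`, so use the result to decide what to read first, not what is safe to delete.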
If you're working through a subscription bomb or just want to know more about how to prevent cyber criminals from breaching your system, give us a call at (864) 552-1291 and we'll help you evaluate capabilities and options. Also, sign up for PTG Tech Talk for bi-monthly tech news, and consider following us on LinkedIn, Facebook, and Twitter!