by Charles Miller

Almost on a daily basis, I try to stay abreast of the latest online security threats by following various tech-related websites and podcasts. Thankfully, it is much less frequently that I actually have any first-hand brush with the scams that are warned about there. Still, it is beneficial to stay abreast of what cybercriminals might be up to. That made me well prepared for an urgent phone call from a client here in San Miguel who was hit by a "Subscription Bomb."

A subscription bomb is also known as a list bomb or smoke-screen bomb. It is a type of email attack in which the attacker uses an automated system to submit your email address to thousands of online subscriptions, or contact forms, or password reset forms simultaneously. This immediately floods yours inbox with thousands or tens of thousands of newsletters and/or subscription confirmations that you never signed up for. Thousands of unsolicited emails per hour can flood your inbox, and there is literally nothing that can be done to stop this.

When I say "nothing" can stop this, obviously I am excluding the use of cruise missiles or other high explosives, tempting though it is to think of doing that. Seriously, not even that could work because the emails originate from thousands of different sources. And the senders are legitimate companies that are being unwittingly and unwillingly used as tools by the cybercrooks.

Beyond senseless vandalism or harassment, what is the purpose of bombing someone's email? Frequently the purpose is a smoke screen or diversionary tactic to hide other malicious activities like account takeovers or fraudulent transactions. A flood of thousands of emails is likely to distract you from seeing legitimate security alerts, such as password reset notifications or fraud warnings from your bank.

One clue to look for in this attack is emails from dozens or hundreds of different banks regarding resetting your password. This might indicate cybrecrooks are using your email to probe thousands of different banks trying to identify where you do business.

If you are unfortunate enough to fall victim to an email bombing attack, I suggest that the first thing you should do, no matter where you are or what you are doing, is to drop everything and phone your bank and investment broker to tell them "My email has been bombed!" They should know exactly what this means. Over the last decade I have had occasion to assist clients while dealing with Fidelity, Schwab, Vanguard, and others and have always found their tech-support people to be aware of cyber-scams and willing to temporarily freeze the customer's account until the situation is under control.

Heaven forbid, but if your cell phone mysteriously stops working at the same time you receive an email bomb, then you really are in trouble! The coincidence of those two events means it is likely you specifically have been targeted by some sophisticated cybercrooks. You should immediately call your cell phone provider AND your bank(s) telling them "My phone is not working and email has been bombed!" They should recognize the threat and know how to help you protect your finances.

Beyond this, checking your other important accounts such as credit cards, PayPal, Amazon, etc. is recommended. If you do see anything unusual, then changing your passwords is in order. Remember never to reuse passwords, and especially never ever reuse your email password.

My client, the victim of the email bomb, soon learned that thousands of dollars in fraudulent transactions were charged to her credit card. Sure enough, when she searched through the thousands of spam emails there was an email from her bank alerting her to check her account, and she had not seen that message when it arrived.

Your email is the key to your digital life because so many web services use your email address as your identity. Even worse, many websites permit you (and the hackers) to reset your password by sending a link to your email address. This makes it vitally important to keep your email password secure because if hackers can gain access to your email then that can provide access to almost everything else.

**************

Charles Miller is a freelance computer consultant with decades of IT experience and a Texan with a lifetime love for Mexico. The opinions expressed are his own. He may be contacted at 415-101-8528 or email FAQ8 (at) SMAguru.com.

Discover Lokkal:
Watch the two-minute video below.
Then, just below that, scroll down SMA's Community Wall.
Mission

Visit SMA's Social Network

Contact / Contactar