Here’s what you need to know about this form of attack and how to stop it from happening to you.
What Is an Email Bomb?
When an inbox is bombarded with loads of unnecessary messages in a bid to trigger a DOS notice, it has suffered an email bomb.
Often called a letter bomb, the cyberattack can be used as a ruse to distract the owner of the email address from notifications detailing fraudulent activity. This attack can drown your inbox in thousands of emails from subscriptions you never signed up for or emails with large attachments, ultimately leading to the collapse of the server.
Even worse, you can be wrongly tagged as spam, severely limiting you and your organization’s reach. Email bombs can take different forms, but all have one singular goal—to render your account or server inoperable.
How Does an Email Bomb Work?
Email bombs fill up your inbox with countless messages in a short period, leading to downtime or outright shutdown of the account. A single malicious attacker or an organized group of bots on compromised systems are the typical perpetrators of an email attack.
Email Bombs Attack Using a Singular or Similar Domain
Many victims of email bomb attacks report receiving many emails from one or similar domain names. The emails sent from these sketchy addresses usually contain large volumes of nonsensical texts or zipped attachments that may be malware in disguise.
Most spam filters are able to stop this attack, but there are even sneakier ways you can fall victim to an email bomb attack.
Email Bombs Attack Using Benign Sites
Anti-malware has been improved to detect and filter problematic entities. But that’s meant that attackers have got smarter too.
They bypass spam filters by enlisting the use of legitimate sites and forms to bombard your email account. You’re immediately overwhelmed by countless welcome messages and newsletters signing you up on different platforms and newsletters. Since they are all from benign websites, they are not flagged as spam. Hence, the bomb.
What Are the Different Types of Email Bomb Attacks?
Email bomb attacks can present in many ways, and knowing how to identify them is a form of protection in itself. Some types of email bombing may be unintentional, a mere mistake, but one that can be avoided nonetheless.
1. Mass Mailing
Mass Mailing, as the name implies, means sending emails to many email addresses at once. This puts you at risk of being flagged as spam and reduces your reach.
Email bombers worming their way into your account can piggyback and send spam emails through your account to multiple recipients if protective measures aren’t implemented.
2. List Linking
Email bombers sign you up for thousands of subscriptions here, flooding your inbox with a million messages in the blink of an eye!
The sites are mostly legitimate, so spam filters usually have difficulty screening these out.
3. Large Attachments
Bombarding a target account with multiple messages containing large attachments—enough to slow down or negatively impact server performance—is a form of email bombing. When the server’s storage is overwhelmed, it is only a matter of time before it freezes up and stops responding.
4. Decompression Bomb
A decompression bomb is where a compressed or zipped file containing malicious software is sent to a target account. Upon decompression, the victim may encounter service downtime or even account deactivation.
Some compressed files have been found to contain ransomware, so it is best to get rid of such files without attempting decompression.
How to Avoid Becoming a Target for Email Bombs
So how can you protect yourself from nasty email bomb attacks?
1. Keep Your Business and Personal Email Addresses Separate
Having a separate email for work is important for minimizing your risk of exposure to bomb attacks. Ensure you use your business email only in work-related conditions.
Securing all your email addresses with multi-factor authentication is a good safety move too. Beyond setting up security for your email accounts, avoid sharing your email as plain text online or on websites with inadequate security.
2. Engage Restrictions on Your Email Account
Some restrictions can block further entry of messages from a particular sender once it crosses a set limit within a timeframe.
Several third-party applications offer a wide range of restrictions to help secure your account. You can also have your email server administrator block messages with attachments notorious for being malware. These include attachments with the tags, .zip, .exe, etc.
Restrictions of this kind help you avoid email bombs.
3. Use CAPTCHA to Screen Out Bots from Your Forms
If your business requires you to engage people using forms, you should protect your account from manipulative bots.
You can do this by creating and including CAPTCHA as the final step to prevent bots from accessing your servers and inbox by extension.
4. Protect Your Account by Using Bulk Mail and Spam Filters
By adjusting settings on your email account, you can create transport rules that search for keywords you suggest are typical of bulk mail.
Most emailing options offer limited protection from bulk and spam emails, but you can enlist the services of third-party bulk and spam mail filters. They are often designed to allow customization.
Email bombs can vary from expensive pranks to business-crippling catastrophes in worst-case scenarios. Knowing how to defend yourself against them will go a long way to prevent you from falling victim to cybercriminals.
Protect Yourself from an Email Bomb
Email bombing is a form of cyberattack that anyone with the right skills can perpetuate. It is difficult to find a definitive way to avoid an email bomb. However, it’s generally best not to click any links or open attachments from unknown sources.
If you receive an email bomb, report it immediately. You should also notify your internet service provider and see if they have any solutions or suggestions for protecting yourself from future attacks.
