What’s email bombing? Simply put, it’s a form of cyberattack that sends hundreds or thousands of messages to an email address in a single day. Email subscription bombing automatically subscribes victims to dozens or hundreds of electronic mailing lists, each of which sends multiple messages a day until the recipient unsubscribes to each subscription individually.
A small-business owner whose mom is a Press subscriber was bombed with 56,000 emails within three days. The attack has crippled his business because he had to weed out the junk emails manually (the ones the spam filter didn’t catch) from the legitimate ones being sent by real customers.
He thought about just hitting the “delete all” button but then thought better of it. It’s a good thing he checked because he found an email that said “thank you for your recent purchase.” He opened the email and was surprised to find out his business had just purchased a $9,000 drone from Verizon.
Now the true intent of this malicious attack was uncovered. The cybercriminal deliberately disrupts the victim’s network in order to hide the important messages in plain sight. In this case, the small business owner was able to get the purchase reversed and was also able to determine where and to whom the drone was being delivered. He is still sifting through the emails to see what else he might uncover.
Law enforcement was no help with his situation so now he realizes it’s probably best to close the email account and open a new one. But that might come at the price of irritating customers whose inquiries go unanswered.
Prevention is the best defense against this type of attack. Whether you’re an individual or small-business owner or manager, here are some suggestions:
• Use antivirus software, a firewall and a hardware authentication device to reduce the chance of being attacked.
• Check all your online accounts to make sure you haven’t missed a charge or withdrawal hidden among those thousands of emails.
• Report the attack to your service provider. They might be able to stop the attack at the service level.
• • •
PHONE PORTING SCAMS: With the uptick in readers reporting that they received calls from themselves — i.e., their own name and number is showing up on their caller ID — I thought it worth reminding readers to stay vigilant about their cell phones and personal information.
The scam known as “porting” involves criminals stealing your phone number and your phone service so they can access any account, including your bank account, through confirmation text messages sent to your cell phones as part of the two-factor authentication process.
These scammers start by collecting your name, phone number and then gather any other information they can including your address, Social Security number and date of birth. Armed with this information, they contact your mobile carrier and state that your phone has been stolen and ask that the number be “ported” to another provider and device.
Once your number is ported to the device the crook controls, they can start accessing your accounts that require additional authorization codes texted to your phone. And if you have stored any passwords on your mobile device, you’re particularly vulnerable to breaches because the hacker now has full access to your files and can access your accounts.
Also, if you have a cell phone but don’t use it often, you should make a habit of checking it at least daily to make sure everything is working properly. Once your phone is ported you will stop receiving calls, which is a sure sign something is wrong.
• • •
VETERAN CHARITY SCAMS: Fake charity scams have been around for a while, but the Veterans Affairs Department along with the U.S. Postal Inspection Service is warning that veterans of the armed forces are being particularly targeted.
Here’s how the scam works:
The crook offers pension buyouts to veterans or asks veterans to donate to charities that sound and look real but aren’t. The scammer then takes the donations or cashes the pension checks and keeps the money.
The really unscrupulous scammers will also take the donor’s personal information to create a new fake identity or commit more crimes under the person’s name. According to research, it has been reported that veterans have lost money to fraudsters at twice the rate of non-veterans, so be careful about who you decide to donate to. You can check out charities through www.charitynavigator.org. This is a good way to see if the organization is legitimate before giving to them.
• • •
Remember: I’m on your side.
• • •
If you have encountered a consumer issue that you have questions about or think our readers should know about, please send me an email at firstname.lastname@example.org or call me at (208) 274-4458. As The CDA Press Consumer Gal, I’m here to help. Please include your name and a phone number or email. I’m a fulltime copywriter working with businesses on market messaging, a columnist and a consumer advocate living in Coeur d’Alene.