Email Bomb

Email Bomb Definition
An email bomb (or email flood) is a type of cyberattack in which someone deliberately floods your inbox with an overwhelming amount of messages, usually within seconds or minutes. Its main goals are to hide important alerts, crash your email account, or extort you by making your inbox unusable. Because attackers can automate email bombing by using online forms to send you messages from multiple sources, it is a type of distributed denial-of-service (DDoS) attack.
How Email Bombing Works
Attackers usually start email bombing by using bots or scripts to scan the web for sign-up forms, like newsletter subscriptions, online forums, and promotional giveaways. They often focus on forms that don’t use protections like CAPTCHAs, which allow them to sign you up without verifying your identity.
These bots then automatically fill out the forms using your email address. This kickstarts a huge influx of incoming messages, including welcome emails, confirmation notes, and discount offers. Since the emails come from legitimate sources, they can slip past spam filters and reach your primary inbox.
Some attackers carry out email bombing themselves, relying on bots, scripts, or misconfigured third-party mail servers. Others may buy pre-made lists of vulnerable websites. Usually sold on Dark Web forums, these lists can help launch large-scale attacks without requiring technical knowledge. They often come with a script and instructions, so all cybercriminals need to do is enter an email address.
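Because each message in a sign-up flood comes from a legitimate sender, content filters see nothing wrong; what stands out is the arrival rate combined with the number of distinct sender domains. The sketch below is an added example, not part of the original article, showing that check on a mail log; the thresholds, function names, and sample addresses are assumptions.

```python
from collections import deque
from datetime import datetime, timedelta

def detect_flood(events, window=timedelta(minutes=5), min_msgs=20, min_domains=10):
    """Find the first burst of mail from many distinct sender domains.

    events: (datetime, sender_address) pairs sorted by arrival time.
    Thresholds are illustrative assumptions; tune them to the mailbox's baseline.
    Returns (start, end, message_count, domain_count) or None.
    """
    recent = deque()  # messages inside the sliding window
    for ts, sender in events:
        recent.append((ts, sender.rsplit("@", 1)[-1].lower()))
        while ts - recent[0][0] > window:
            recent.popleft()
        domains = {d for _, d in recent}
        if len(recent) >= min_msgs and len(domains) >= min_domains:
            return recent[0][0], ts, len(recent), len(domains)
    return None

def sample_events():
    """Constructed data: normal morning traffic, then a sign-up flood at noon."""
    day = datetime(2024, 1, 15)
    normal = [(day + timedelta(hours=8, minutes=30 * i),
               ("alice@corp.example", "news@paper.example")[i % 2]) for i in range(6)]
    flood = [(day + timedelta(hours=12, seconds=3 * i),
              f"noreply@shop{i}.example") for i in range(40)]
    return normal, flood

def busy_thread():
    """Constructed data: 30 replies from one domain in 5 minutes (not a flood)."""
    start = datetime(2024, 1, 15, 9)
    return [(start + timedelta(seconds=10 * i), "team@corp.example") for i in range(30)]

if __name__ == "__main__":
    normal, flood = sample_events()
    print("normal only :", detect_flood(normal))
    print("with flood  :", detect_flood(normal + flood))
    print("busy thread :", detect_flood(busy_thread()))
```

The sender-diversity condition is what keeps a busy reply thread from one domain from being flagged; a flood sent from a single source would need a separate per-sender rate check.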
Types of Email Bomb Attacks
Email bombing can take many different forms, using slightly different tactics to achieve the same goal. The most common types of email bomb attacks include:
- Mass mailing attack: Utilizes scripts or bots to send a large volume of messages to an email address within a short timeframe. These messages often contain random or even blank content. It’s also possible for these emails to have attachments, causing a mail server to slow down or crash. It’s the most common type of email bombing.
- Subscription bombing (or list linking): Deploys a web crawler to sign you up to online newsletters, e-commerce sites, or mailing lists. This generates a lot of confirmation or welcome emails. Attackers often use this tactic to hide signs of another cyberattack, like an account takeover or fraudulent purchases.
- Amplification attack: Spoofs your email address to send messages to thousands of recipients. This triggers automated responses, such as “out of office” replies, “mailbox full” errors, and delivery failure notices. It’s called “amplification” because one forged message can generate hundreds of responses, increasing the damage.
- Image and HTML bombing: Uses large images or bloated HTML files instead of flooding your inbox with plain text. These files contain excessive HTML code, which increases their size, leading to performance issues with your email app, such as Gmail or Outlook.
- Spoofed email bombing: Sends a large volume of messages from your email address, prompting recipients to reply with angry messages or spam complaints. This not only clogs your inbox but also damages your email reputation, leading to blocklisting or email delivery issues.
- Data breach exploitation attack: Relies on credentials (like email addresses and passwords) leaked during data breaches. Malicious actors can use this information to trigger password reset requests, two-factor authentication prompts, verification code prompts, or login alerts.
- ZIP bombs: Rely on ZIP archives that expand into larger files when opened. Since the ZIP archives are typically small, they can bypass email filters. When attached to a large number of emails, ZIP bombs can overload inbox storage, causing disruptions. Malicious ZIP files can also infect your device with malware.
Risks of Email Bombing
While email bombing might be annoying, it can lead to more serious issues, like:
- Disruption of communication: A flooded inbox can bury important client mail, payment confirmations, password reset prompts, and other messages.
- Hidden security alerts: Attackers can use email bombing to hide login notifications, password reset emails, fraud detection messages, and other critical alerts.
- Targeted harassment: Email bombing can be used as a form of digital harassment against activists, journalists, or public figures. This is especially true if the sent messages are graphic, threatening, or offensive.
- System overload: An influx of emails can cause technical issues. For example, it can exhaust mail server resources, cause storage overflow, lead to email service downtime, and disrupt workflows.
How to Respond to Email Bombing
In most cases, an email bombing attack is a smokescreen for unauthorized bank transfers or changes to account credentials. Your response should go beyond regaining control over your inbox. Consider taking the following steps:
- Check your bank accounts and credit card statements for any suspicious activity. You should also let your bank know you’re a victim of a cyberattack, as they can freeze your payment cards.
- Review your accounts on digital platforms that have access to your payment card, like subscription services. Check specifically for unexpected orders and unusual sign-ins.
- Go through your inbox to spot legitimate emails that report unusual activity, like notifications, password changes, or financial transactions.
- Contact your email provider, report the attack, and ask for advice on whether you can use email filters. This may also help prevent your account from being suspended.
- Change your email account password and enable two-factor authentication (2FA). That way, you’ll need to confirm your identity each time you access your inbox.
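The inbox review in the steps above can be partly automated. The following added example (not from the original article) sorts raw messages so that password, sign-in, and transaction notices surface ahead of sign-up confirmations; the keyword lists, function names, and sample messages are assumptions.

```python
import re
from email import message_from_string

# Subject keywords for the alert types named above (assumed; extend per provider).
ALERT = re.compile(r"password|sign-?in|log-?in|verification code|transfer|"
                   r"payment|unusual activity|fraud", re.I)
# Typical subjects of the sign-up confirmations a subscription bomb generates.
SIGNUP = re.compile(r"welcome|confirm your (subscription|email)|"
                    r"thanks for (signing up|subscribing)", re.I)

def triage(raw_messages):
    """Sort raw RFC 5322 messages into alerts, flood noise and manual review."""
    buckets = {"alerts": [], "noise": [], "review": []}
    for raw in raw_messages:
        msg = message_from_string(raw)
        subject = msg.get("Subject", "")
        entry = (msg.get("From", ""), subject)
        if ALERT.search(subject) and not SIGNUP.search(subject):
            buckets["alerts"].append(entry)   # read these first
        elif SIGNUP.search(subject) or msg.get("List-Unsubscribe"):
            buckets["noise"].append(entry)    # bulk or sign-up mail
        else:
            buckets["review"].append(entry)   # unknown: a person decides
    return buckets

def sample_inbox():
    """Constructed messages standing in for a flooded inbox."""
    rows = [  # (sender, subject, carries a List-Unsubscribe header)
        ("noreply@shop1.example", "Welcome to Shop1 deals!", True),
        ("news@forum.example", "Please confirm your subscription", False),
        ("security@bank.example", "Your password was changed", False),
        ("promo@store.example", "20% off this week", True),
        ("alerts@bank.example", "Transfer of $2,400.00 to new payee", False),
        ("friend@mail.example", "Lunch on Friday?", False),
    ]
    return [f"From: {frm}\nSubject: {subj}\n"
            + ("List-Unsubscribe: <mailto:unsub@list.example>\n" if bulk else "")
            + "\nbody\n" for frm, subj, bulk in rows]

if __name__ == "__main__":
    for bucket, entries in triage(sample_inbox()).items():
        print(bucket, entries)
```

Nothing is deleted: messages that match neither pattern land in `review`, so a misclassified alert is delayed rather than lost.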
FAQ
Email flooding, also known as email bombing, is a type of cyberattack that floods a target’s email address with thousands of messages. The goal of email flooding is to disrupt communications or hide critical alerts, like fraud warnings.
Spam consists of unsolicited messages, which are usually sent in bulk for advertising, phishing, or scam attempts. Email bombing is a much more serious threat that can overload systems, bury alerts, and harass targets. While spam is a nuisance, email bombing is a type of cyberattack and can render inboxes unusable.
Contact your email provider as soon as you notice an influx of messages. They can offer tools like inbox filters to help mass-delete unwanted emails. It may also help keep your email account from being suspended due to unusual activity.
The duration of an email bomb depends on the attack method. Scripted subscription bombing can last from a few minutes to a few hours, depending on how many forms attackers sign you up to. Staged attacks can last several days, especially if attackers want to maintain pressure or repeatedly distract you from other malicious activity.