Why Am I Getting So Much Spam?
An Intro To Email Bombs
You’re working quietly at your desk and suddenly start getting emails. Lots, and lots, and lots of emails! You easily receive 40-50 emails in just one minute! They are almost all clearly spam, many of them containing non-English characters and words in the subject line. What you can read seems to be a scattering of random topics, from traveling abroad to cheap medication, and you even notice some seemingly legitimate email newsletters. Now your phone is ringing, and your company’s IT department wants to know why your email account is overloading the email servers. You ask yourself, what is going on?
To explain: a simple Google search for “suddenly getting lots of spam” turns up innumerable articles and examples of this exact same thing occurring, everywhere. You are not alone. These are commonly referred to as "mail bombs", and virtually without fail these attacks are the final stage of an email-hacking/data-mining effort. This kind of attack was very popular in the early 2000s, but there was a huge resurgence in popularity of these kinds of attacks in the latter half of 2018. An attacker has likely stolen your email address as well as related purchasing information, like your Amazon account information or even a credit card.
In one case this happened to hide a single credit card transaction of over $4,000.
The attackers simply hope that in the flood of spam (easily close to a thousand emails over 30 minutes) you will miss the one legit email from Amazon about your order, or the email from your credit card company providing notice of a purchase.
Additionally, the attackers have been known to log in to Amazon and archive their order immediately after placing it, in order to make it harder for you to notice it. Other attackers have even been known to set up a filter to have these e-mails go straight to trash/spam. In this case they may already have set up a filter that makes any e-mails coming from Amazon bypass your inbox. So, on top of the distraction of the “mail bomb”, even if you are diligent in searching through the emails, you could very easily miss the notices about the attackers’ order.
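The triage a mail administrator or user would want during such a flood can be sketched in code. This is an added example, not part of the original article: it detects the burst and pulls out mail claiming to come from watched senders so the one order or purchase notice is not lost. The watched domains, the threshold of 40 messages per minute, and the sample messages are all assumptions constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import format_datetime, parseaddr, parsedate_to_datetime

# Assumed values, not from the article: domains to watch and the burst threshold.
WATCHED_DOMAINS = {"amazon.com", "examplebank.test"}
BURST_COUNT = 40                      # the article describes 40-50 emails in one minute
BURST_WINDOW = timedelta(minutes=1)

def is_watched(msg):
    """True if the From domain is a watched domain or a subdomain of one."""
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return any(domain == w or domain.endswith("." + w) for w in WATCHED_DOMAINS)

def triage(raw_messages):
    """Return (burst_start or None, [(from, subject)] of watched mail inside the burst)."""
    msgs = sorted((message_from_string(r) for r in raw_messages),
                  key=lambda m: parsedate_to_datetime(m["Date"]))
    window, burst_start = deque(), None
    for m in msgs:
        now = parsedate_to_datetime(m["Date"])
        window.append(now)
        while now - window[0] > BURST_WINDOW:   # slide the one-minute window
            window.popleft()
        if burst_start is None and len(window) >= BURST_COUNT:
            burst_start = window[0]
    if burst_start is None:
        return None, []
    # From headers can be forged: these are candidates to verify on the vendor's
    # own site, not proof of a real order.
    hits = [(m["From"], m["Subject"]) for m in msgs
            if parsedate_to_datetime(m["Date"]) >= burst_start and is_watched(m)]
    return burst_start, hits

def constructed_flood():
    """Constructed sample: 60 junk messages in one minute plus one order notice."""
    t0 = datetime(2018, 11, 5, 14, 0, tzinfo=timezone.utc)
    def mk(sender, subject, offset):
        return (f"From: {sender}\nSubject: {subject}\n"
                f"Date: {format_datetime(t0 + timedelta(seconds=offset))}\n\nbody\n")
    raws = [mk(f"list{i}@bulk{i}.test", f"Newsletter {i}", i) for i in range(60)]
    raws.append(mk("Orders <auto-confirm@orders.amazon.com>", "Your order has shipped", 30))
    return raws

if __name__ == "__main__":
    start, hits = triage(constructed_flood())
    print("burst began:", start)
    for sender, subject in hits:
        print("review:", sender, "|", subject)
```

Because an attacker-created filter may have moved the real notice out of the inbox, the same check should be run over the trash, spam and archive folders as well.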
With all the data breaches that have been happening over the last few years, this is unfortunately going to become more and more common. Here are a few suggestions:
1. Use a password manager and use secure passwords. Using the password generator in the password manager is the best approach, if at all possible.
2. Set up 2FA on every account that you can, especially your e-mail accounts. Use an authenticator app like Google Authenticator, and use SMS as a last resort.
3. Be wary of sites that you sign up for and what information you provide.
4. Regularly check your computer for malware/viruses. There are several out there that install "key loggers" on your computer or device to intercept your passwords as you type them in. Running regular checks of your devices with multiple scanners (Malwarebytes, ESET Online Scanner, Emsisoft Emergency Kit, TDSSKiller, etc.) is the best way to make sure you are clean.