Bombarded by thousands of unsolicited subscription confirmation emails in your inbox? Your organization may be experiencing an email bomb attack. Read on to learn how to survive an email bomb attack.
This type of email attack is difficult to defend against because the attacker uses automated bots to subscribe a victim’s email address to multiple lists per second, including forums and message boards, newsletters, retail mailing lists, and other everyday communications. How to survive an email bomb attack is a special concern for sectors that are experiencing drastic spikes in ransomware attacks, like healthcare.
Beyond the initial strike, a steady and annoying stream of unwanted emails can keep arriving even years after the attack. To add insult to injury, other attackers will add the victim to additional spam, phishing, and malware lists. For sectors such as healthcare especially, it is critical to keep email HIPAA compliant and secure.
Additional Reading: HIPAA Compliant Email: The Definitive Guide
An email bomb is a denial of service attack (DoS) against an email server, designed to make email accounts unusable or cause network downtime. Email bombs started in the late 1990s with high-profile cases such as the cyber attack on Langley Air Force Base in Virginia.
Historically, journalists have found themselves the target of email bombing campaigns in retribution for critical stories. Anyone can be a victim though, including government officials, policymakers, emergency coordinators, healthcare providers, and many others.
Today’s email bombs are more sophisticated and can overwhelm most spam filters. This can devastate employees’ email inboxes and disrupt an organization’s ability to communicate.
To initiate an email bomb, an attacker uses simple scripts that submit the victim’s email address to thousands of subscription registration forms on unprotected websites (such as those without CAPTCHA or opt-in email). Since these are benign websites they are categorized by spam filters as legitimate, safe messages.
Additional Reading: Your cybersecurity strategy is probably lacking
Email bombing may be used to hide important notices about account activity from victims in order to make fraudulent online transactions. Spamming the inbox distracts from the real damage that’s going on behind the scenes.
Attackers have been known to gain access to online shopping accounts and purchase expensive products, make fraudulent transactions on victims’ financial accounts, and harass domain owners into abandoning their email addresses by rendering them useless.
An email bomb attack is almost impossible to prevent because any user with a valid email address can spam any other valid email address. However, there are important ways your organization can prepare for an attack.
The Center for Internet Security (CIS) recommends following the guidelines below:
When an email bomb attack is in process, it’s essential to:
To avoid unwitting participation in an email bombing and prevent bots from using your service take the following three steps:
Attackers compile lists of vulnerable websites and sometimes even advertise how often these lists are updated. Anyone can do a quick online search to find sellers and marketplaces that will email bomb a particular email address for a low fee.
Some of the best ways to enhance your organization’s email security are through working with an inbound security and HIPAA email encryption provider and instituting employee cybersecurity training to safeguard your organization’s data.
Third-party services like Paubox Email Suite Plus block email threats before they reach your organization’s inbox with advanced features like patented ExecProtect. And, for healthcare, that means that 100% of your outgoing email is secured by Paubox as well.
It's the seamless solution for healthcare to easily send email that is secures and HIPAA compliant while protecting your inbox for cyber threats.