Bombarded by thousands of unsolicited subscription confirmation emails in your inbox? Your organization may be experiencing an email bomb attack. Read on to learn how to survive an email bomb attack.
How to survive an email bomb attack
This type of email attack is difficult to defend against because the attacker uses automated bots to subscribe a victim’s email address to multiple lists per second, including forums and message boards, newsletters, retail mailing lists, and other everyday communications. How to survive an email bomb attack is a special concern for sectors that are experiencing drastic spikes in ransomware attacks, like healthcare.
Beyond the initial strike, a steady and annoying stream of unwanted emails can keep arriving even years after the attack. To add insult to injury, other attackers will add the victim to additional spam, phishing, and malware lists. For sectors such as healthcare especially, it is critical to keep email HIPAA compliant and secure.
Additional Reading: HIPAA Compliant Email: The Definitive Guide
What is an email bomb?
An email bomb is a denial of service attack (DoS) against an email server, designed to make email accounts unusable or cause network downtime. Email bombs started in the late 1990s with high-profile cases such as the cyber attack on Langley Air Force Base in Virginia.
Historically, journalists have found themselves the target of email bombing campaigns in retribution for critical stories. Anyone can be a victim though, including government officials, policymakers, emergency coordinators, healthcare providers, and many others.
Today’s email bombs are more sophisticated and can overwhelm most spam filters. This can devastate employees’ email inboxes and disrupt an organization’s ability to communicate.
How an email bomb works
To initiate an email bomb, an attacker uses simple scripts that submit the victim’s email address to thousands of subscription registration forms on unprotected websites (such as those without CAPTCHA or opt-in email). Since these are benign websites they are categorized by spam filters as legitimate, safe messages.
Additional Reading: Your cybersecurity strategy is probably lacking
What are the dangers of email bombs?
Email bombing may be used to hide important notices about account activity from victims in order to make fraudulent online transactions. Spamming the inbox distracts from the real damage that’s going on behind the scenes.
Attackers have been known to gain access to online shopping accounts and purchase expensive products, make fraudulent transactions on victims’ financial accounts, and harass domain owners into abandoning their email addresses by rendering them useless.
7 steps to prepare for email bomb attacks
An email bomb attack is almost impossible to prevent because any user with a valid email address can spam any other valid email address. However, there are important ways your organization can prepare for an attack.
The Center for Internet Security (CIS) recommends following the guidelines below:
- Ensure email delivery software is up-to-date, patched, and includes antivirus capabilities
- Employ “tarpitting” to block or slow traffic from a sending IP address if the traffic from that address exceeds a predefined threshold (e.g. greater than ten emails per minute)
- Consider blocking file attachments used in email bomb attacks, such as .zip, .7zip, .exe, and .rar
- Limit the maximum email attachment file size
- Ensure out-of-office, bounce back, and other automatic messages are only sent once to prevent an endless loop of recurring automatic replies
- Where possible, limit send permissions so that only internal and authorized users may send to distribution lists
- Avoid posting plain text email addresses online as attackers are able to scrape web pages for email addresses to target them for spam campaigns
6 steps to take during an email bombing
When an email bomb attack is in process, it’s essential to:
- Avoid mass deletion and use email rules to filter spam instead
- Inboxes that are critical to your organization should use failover services and notifications to protect against the deletion of important emails
- Use a bulk mail filter to help stop subscription-based emails from landing in the inbox. Simply add the newsletters that you want to your approved senders list.
- Use custom spam filters to help block emails that contain words like “confirmation,” “subscription,” or “confirm.” You’ll need to double-check that any valid emails that contain these words aren’t also blocked
- Make sure that online passwords are changed and that all of your organization’s online accounts are secured with multi-factor authentication.
- Before deleting any emails, look for suspicious activity such as unauthorized withdrawals or purchase confirmation emails that may get buried in the onslaught
Avoid being used for an email bomb attack in three simple steps
To avoid unwitting participation in an email bombing and prevent bots from using your service take the following three steps:
- Implement CAPTCHA on your website’s subscription forms
- Make sure to send opt-in emails to new subscribers to prevent unwanted emails
- Ensure you have strong inbound email security in place
You don’t want to be on an email bomb attacker’s “good” list
Attackers compile lists of vulnerable websites and sometimes even advertise how often these lists are updated. Anyone can do a quick online search to find sellers and marketplaces that will email bomb a particular email address for a low fee.
HIPAA compliant email and email bombs
Some of the best ways to enhance your organization’s email security are through working with an inbound security and email encryption provider and instituting employee cybersecurity training to safeguard your organization’s data.
Healthcare email cybersecurity
Third-party services like Paubox Email Suite Plus block email threats before they reach your organization’s inbox with advanced features like patented ExecProtect. And, for healthcare, that means that 100% of your outgoing email is secured by Paubox as well. It’s the seamless solution for healthcare to easily send email that is secures and HIPAA compliant while protecting your inbox for cyber threats.