Email Flooding Makes A Comeback With Thousands Of Sent Messages In A Single Blast
By: Jim Stickley and Tina Davis
March 4, 2019
Most of us have busy email accounts, especially at work. Clearing an inbox is something we aspire to, but few manage to achieve. Now, imagine opening your work email to find thousands and thousands of emails flooding your inbox. Email flooding is making a comeback and while users are scratching their heads, there’s a very good chance their email accounts are under attack. Unfortunately, that’s just the beginning.
Hackers are going old school with email flooding for one main reason: It works. The reason it’s so effective is because swimming among the thousands of emails are those about legitimate account activity. The flood of email distracts victims while they are perpetrating some form of Business Email Compromise (BEC). Email content about fraudulent transactions ranging from account changes like password changes, purchase receipts, and other financial transactions are lost somewhere in the tsunami that hit your inbox. The idea behind flooding is that you’ll never find those critical emails in an inbox seeming to have no end. Aside from personal accounts affected, the potential damage done to a business and its financial accounts is impossible to know until it’s too late. By the time these damaging emails are discovered, hackers are busy counting your company’s money.
Also called “spam blast,” email flooding is a huge challenge for anyone, and IT departments are at a loss protecting sensitive information from theft. The email spammers who once used botnets and free mail accounts for the deluge now have all the information they need on the dark web. For about $40, a hacker gets a user’s email account and more, allowing them to send 20,000 emails to an account. Each of the emails has an individual sender. As such, there’s no real way to block the senders and spam filters are easily bypassed.
Security professionals see the need for new and improved methods of detection, especially when the future of a business is at stake. Company IT departments and cybersecurity providers need to take some time to reevaluate their email security, including user email behavior profiling. In addition, combining profiling with successfully detecting email anomalies can help prevent email flooding attacks at the outset. Commitment to this anti-spam strategy is a great start, but not enough on its own.
Training employees to spot email spam is a critical part of this plan. This is because putting malicious links and attachments in email messages remains the top method for getting information on an organization; be it someone’s email login credentials to the passwords to the financial accounts. Ongoing cybersecurity education is necessary to detect and prevent email spam attacks, and especially phishing.
Hackers may be returning to an old tactic with email flooding attacks, but new and improved approaches to email security may be their biggest problem.