Results 1 to 13 of 13

Thread: Mail scams

  1. #1
    Mail scams
    Not sure where to post this. This morning I received 350 emails, all from different addresses at virtually the same time, Is this phishing? How is this possible and what do they hope to gain from it? Appreciate advice

    Thank you

    poppi

  2. #2
    Mail scams
    IWT's Avatar
    Member Since
    Jan 23, 2009
    Location
    Born in Scotland, Worked in Scotland then England, Now live in Wales
    Posts
    5,440
    Your Mac's Specs
    Late 2015 5K 27-inch Retina iMac, 4GHz i7, 32GB RAM, 1TB Flash Drive, macOS High Sierra 10.13.6
    Hi poppi.

    This sounds very much like what is called "email bombing".

    An email bombing is an attack on your inbox that involves sending massive amounts of messages to your address and is often a distraction used to bury an important email in your inbox and hide it from you.

    I don't mean to alarm you at all; but I suggest you read the following article carefully which explains how to deal with this: How Email Bombing Uses Spam to Hide an Attack

    Of course, there may some innocent explanation; but better to be safe than sorry.

    Please post back and keep in touch with us till this is resolved.

    Ian
    Ian

  3. #3
    Mail scams
    pm-r's Avatar
    Member Since
    Oct 16, 2010
    Location
    Brentwood Bay, BC, Canada
    Posts
    11,246
    This sounds very much like what is called "email bombing".

    Thanks for this info Ian, and I was not aware of such tactics.


    - Patrick
    ======

  4. #4
    A "phishing" attack is one where you get a very legitimate looking email requesting to verify your credentials at your bank or some other account. Once you enter your info, you are told that it was invalid and the site redirects you to the REAL site. You thinking you just mistyped something, enter your credentials again and it now works. Thinking nothing of it you move on not realizing that you gave your real credentials to a scammer.

    Other types of attack, like this email bombing one, are more of a overwhelming attack that don't yield a lot of value. A DDoS (Distributed Denial of Service) attack usually targets websites and the purpose is to cause disruption to the site and cause them to lose money. The "hacker" doesn't get any vital information or anything.
    --
    Regards
    ...Ashwin


  5. #5
    Mail scams
    ferrarr's Avatar
    Member Since
    May 21, 2012
    Location
    Pawtucket, RI, US
    Posts
    6,160
    Your Mac's Specs
    L2014 Mac mini macOS 14, iPhone 8+ iOS 12, 12.9" iPad Pro 1 iOS 12, Pencil 1
    Is this in an email app, like macOS Mail, Outlook, etc, or is this when you login to your email online?
    -- Bob --
    Please backup. Everything has a life cycle, unexpected and warning free. Nothing will last as long as you want it to.

  6. #6
    Mail scams
    IWT's Avatar
    Member Since
    Jan 23, 2009
    Location
    Born in Scotland, Worked in Scotland then England, Now live in Wales
    Posts
    5,440
    Your Mac's Specs
    Late 2015 5K 27-inch Retina iMac, 4GHz i7, 32GB RAM, 1TB Flash Drive, macOS High Sierra 10.13.6
    Quote Originally Posted by Raz0rEdge View Post
    A "phishing" attack is one where you get a very legitimate looking email requesting to verify your credentials at your bank or some other account. Once you enter your info, you are told that it was invalid and the site redirects you to the REAL site. You thinking you just mistyped something, enter your credentials again and it now works. Thinking nothing of it you move on not realizing that you gave your real credentials to a scammer.

    Other types of attack, like this email bombing one, are more of a overwhelming attack that don't yield a lot of value. A DDoS (Distributed Denial of Service) attack usually targets websites and the purpose is to cause disruption to the site and cause them to lose money. The "hacker" doesn't get any vital information or anything.
    Totally agree, Ashwin.

    My only additional concern is nicely stated in this quote from the article I linked:

    "An email bombing is often a distraction used to bury an important email in your inbox and hide it from you.

    For example, an attacker may have gained access to one of your accounts on an online shopping website like Amazon and ordered expensive products for itself.

    The email bombing floods your email inbox with irrelevant emails, burying the purchase and shipping confirmation emails so you won’t notice them."


    Therefore you have to check all these emails in case confirmation of a purchase you didn't make is buried within the 350 emails. Don't just block-delete them.

    Ian
    Ian

  7. #7
    Mail scams
    IWT's Avatar
    Member Since
    Jan 23, 2009
    Location
    Born in Scotland, Worked in Scotland then England, Now live in Wales
    Posts
    5,440
    Your Mac's Specs
    Late 2015 5K 27-inch Retina iMac, 4GHz i7, 32GB RAM, 1TB Flash Drive, macOS High Sierra 10.13.6
    @poppi

    Did you get this sorted? Need any more help?

    Ian
    Ian

  8. #8
    Quote Originally Posted by IWT View Post
    Totally agree, Ashwin.

    My only additional concern is nicely stated in this quote from the article I linked:

    "An email bombing is often a distraction used to bury an important email in your inbox and hide it from you.

    For example, an attacker may have gained access to one of your accounts on an online shopping website like Amazon and ordered expensive products for itself.

    The email bombing floods your email inbox with irrelevant emails, burying the purchase and shipping confirmation emails so you won’t notice them."


    Therefore you have to check all these emails in case confirmation of a purchase you didn't make is buried within the 350 emails. Don't just block-delete them.

    Ian
    That is an interesting scenario. But a lot of people tend to filter/label their frequently received emails into buckets. I, for one, filter all of my online purchases into a separate bucket so that I can review the info and keep track of receipts easily. I have similar other buckets for other types of emails, so a email bombing attack with totally random addresses and subjects wouldn't hit those buckets and so I would know immediately when purchases start showing from Amazon that I didn't intend.
    --
    Regards
    ...Ashwin


  9. #9
    Mail scams
    Cr00zng's Avatar
    Member Since
    Jan 01, 2014
    Posts
    314
    Your Mac's Specs
    MacBookPro 13 v11.1, i5 2.4 GHz, 256 GBs SSD, 8 GBs DDRs
    That's smart Ashwin... Even if this type of filtering is not set up in advance, one could filter out either the suspected purchases, financial institution notification and other important emails after the email bomb went off...

  10. #10
    Quote Originally Posted by Cr00zng View Post
    That's smart Ashwin... Even if this type of filtering is not set up in advance, one could filter out either the suspected purchases, financial institution notification and other important emails after the email bomb went off...
    With Gmail's ability to handle "username+<additional text>@gmail.com" email addresses, I tend to attach specific additional text to email addresses for multiple reasons. 1) It's easier to filter everything send to username+amazon@gmail.com to my Amazon bucket (I do WAY too much Amazon shopping) and 2) if I start getting email from ANYONE other than Amazon on that account, I know Amazon sold my email address to someone else.

    I use this tactic wherever the "+<text>" is available. A lot of sites, however, use a strict interpretation of email address being <only alphanumeric characters>@<alphanumeric characters>.<some combination of com|net|org or alphanumeric characters>. In this case, my tactic fails.
    --
    Regards
    ...Ashwin


  11. #11
    Mail scams
    Rod Sprague's Avatar
    Member Since
    Jun 12, 2011
    Location
    Melbourne, Australia and Ubud, Bali, Indonesia
    Posts
    4,752
    Your Mac's Specs
    MacBook Pro Retina 13" macOSX 10.13.3 beta
    Ashwin how do you know when the +<text> option is available?


    Sent from my iPad using Mac-Forums
    I used to be conceited but now I'm perfect.

  12. #12
    Quote Originally Posted by Rod Sprague View Post
    Ashwin how do you know when the +<text> option is available?


    Sent from my iPad using Mac-Forums
    Rod, unfortunately by trail and error. I default to always trying it when registering for a new account. When the sign up page throws an error about an incorrect or invalid email address, then I revert back to the basic Gmail address.
    --
    Regards
    ...Ashwin


  13. #13
    Quote Originally Posted by IWT View Post
    @poppi

    Did you get this sorted? Need any more help?

    Ian
    It hasn't occurred again, not because of anything special I did but it appears to have gone away. Thanks for asking

    poppi

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. E-mail Scams
    By lclev in forum Security Awareness
    Replies: 9
    Last Post: 08-03-2018, 07:00 PM
  2. iPad Scams
    By Lotus Esprit in forum iPad Hardware and Accessories
    Replies: 0
    Last Post: 04-20-2010, 06:04 AM
  3. Nigerian Scams
    By Mjc.americor in forum Schweb's Lounge
    Replies: 17
    Last Post: 09-01-2008, 03:01 PM
  4. What's with all the eBay scams?
    By fiveightandten in forum Switcher Hangout
    Replies: 6
    Last Post: 01-12-2007, 04:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •