A few weeks ago I was alerted by PayPal and Amex that a $1000+ charge from Ebay was made to my PayPal account. Someone was able to use my PayPal account for a MacBook order with overnight USPS delivery. These alerts stopped all transactions, but not the headache.
Within minutes I noticed that my linked email account had unusual activity. I received welcoming messages from bulletin boards and companies, and instructions to confirm my online registration.
First a few dozen, then hundreds, then thousands !
The email avalanche continued through the evening, with many filling my Inbox and many more in the Spam box of my Gmail account. Worried about missing real emails, I deleted the first hundred or so by hand, but then had to use mass delete to keep up with the 15,000+ messages in a few hours. The Spam folder also had 10,000+, but they needed no action. Blissfully, Gmail offers unsubscribe as part of Inbox spam identifier, which I used.
This is called an Email Bomb.
While tracking the email avalanche I turned to the Internet for insight. I surmised that the emails were used as a distraction, which the Internet search confirmed. The culprit hopes that a spending alert gets lost in thousands of other emails, so that the order goes through undetected. Luckily, not in this case, as I use text messaging to confirm large credit card orders. I even know the source of my headache, as the USPS order included delivery details. The culprit lives in Indianapolis.
I assume that the email bomb is created with a registration bot on websites that do not use captchas and such. The result is a huge nuisance and I must have lost a few regular emails, but the email avalanche stopped within two days. Since then, I got the occasional "you have not confirmed" reminders, but as a trickle. I assume that my email is still registered on many sites that did not ask confirmation, and hopefully nothing too embarrassing or disturbing. This story is also a mea culpa.
I reset my passwords and was told to replace my credit card (though that account was not breached, nor were funds removed from PayPal).
Take-home messages:
Within minutes I noticed that my linked email account had unusual activity. I received welcoming messages from bulletin boards and companies, and instructions to confirm my online registration.
First a few dozen, then hundreds, then thousands !
The email avalanche continued through the evening, with many filling my Inbox and many more in the Spam box of my Gmail account. Worried about missing real emails, I deleted the first hundred or so by hand, but then had to use mass delete to keep up with the 15,000+ messages in a few hours. The Spam folder also had 10,000+, but they needed no action. Blissfully, Gmail offers unsubscribe as part of Inbox spam identifier, which I used.
This is called an Email Bomb.
While tracking the email avalanche I turned to the Internet for insight. I surmised that the emails were used as a distraction, which the Internet search confirmed. The culprit hopes that a spending alert gets lost in thousands of other emails, so that the order goes through undetected. Luckily, not in this case, as I use text messaging to confirm large credit card orders. I even know the source of my headache, as the USPS order included delivery details. The culprit lives in Indianapolis.
I assume that the email bomb is created with a registration bot on websites that do not use captchas and such. The result is a huge nuisance and I must have lost a few regular emails, but the email avalanche stopped within two days. Since then, I got the occasional "you have not confirmed" reminders, but as a trickle. I assume that my email is still registered on many sites that did not ask confirmation, and hopefully nothing too embarrassing or disturbing. This story is also a mea culpa.
I reset my passwords and was told to replace my credit card (though that account was not breached, nor were funds removed from PayPal).
Take-home messages:
- Set confirmation text messages for (large) orders.
- Use 2-step verification on financial and other sensitive accounts.
- Keep Inbox mostly empty.
