Mail Bombers

Mail bombing is a specific cybercrime technique that allows hackers to clog the target’s inbox with tons of spam email messages. The term does not refer to a separate malware category. Different types of security threats could be used for mail bombing, provided they give the same desired result. However, it is safe to say that mail bombing refers to a type of spam.

Although the technique is considered to be relatively old, time and again, it makes itself known again, as it makes a comeback into the mainstream by flooding targets with multiple emails. Albeit old, this technique can be harder to detect, and that is why it remains an attractive constituent of a cyberattack.

Mail Bomber History

Mail bombing as a technique emerged in the late 1990s when the web was full of various sign-up forms, and users would provide their email addresses far more willingly. Hackers would run specific programs that used to scan those sign-up forms, and they would use the targeted emails to enter them into multiple subscription requests. As a result, the targeted inboxes would get flooded with so many emails they could disable the account almost immediately.

Needless to say, the primary reasons for such attacks were seldom based on financial interests. It used to be more about downright harassment (quite often of the political kind). However, these days mail bombers can be used to deliver messages and demands from hackers (tons of messages will definitely catch the target’s attention!) and as a diversion in various fraud attempts.

Problems with Mail Bombers

Since mail bombers are similar to spam email, it would be logical if email filters managed to catch these messages and prevent them from flooding the inbox. However, that is not the case with mail bombers. The attacks usually come from legitimate email accounts that are used for spam, and so the filters do not recognize those messages as a potential threat.

Therefore, mail bombers can be employed in online harassment because they are hard to stop. Most of the time, the mail bomber attacks are simply annoying, but if they manage to flood the inbox, it could also shut down the email service for the target account. What’s more, it is also possible for mail bombers to close various operations and cripple networks, which eventually results in a drop in productivity and profits.

Also, aside from harassment, mail bombers can also be used as a diversion tactic when a network is attacked by phishing or malware. The tactic could exhaust the target’s resources, and this would allow such dangerous programs as ransomware to enter the system easier. That is why we say that rather than being a separate category on its own, mail bombers are more like a cyberattack component.

Mail Bomber Application and Prevention

There are essentially two ways for an email bomb to reach its target. First, multiple copies of the same email can be sent out to the same address. This type of attack is usually performed by a botnet (or a network of “zombie” computers), and it can be used for a DDoS attack. Mass mailing is a relatively simple type of attack, so spam filters pick it easier.

Another way to send out email bombs is by using list linking. Remember those subscription forms from before?  When an email is signed to several subscription lists, the lists can be used to spam the victim with multiple messages from different lists. Users then need to unsubscribe from the lists if they want to avoid email bombs. Unfortunately, it can be challenging to achieve because not everyone remembers all the lists they have signed up for.

It is also challenging to prevent mail bombers from reaching you, especially if they have set their eyes on your network. Since spam filters may not catch all the email bombs, individual and corporate users have to make sure that their emails do not get recorded on suspicious subscription lists and that their account details do not get leaked. Thwarting mail bombers may require comprehensive effort, which includes regular staff training, a sophisticated security system, a powerful anti-malware tool, and healthy web browsing habits.