If you start getting an email bombed out of nowhere, being signed up for hundreds of newsletters or other email notifications, take a quick look at your credit card statements for any unknown purchases. Email bombs are often used by card thieves to hide legitimate purchase notifcation email from retailers when they use your stolen creds.
Better yet, setup transaction alerts on all your credit cards, and use a budgeting app like Monarch/YNAB to review all your household transactions each month or receive weekly email summaries.
Another reason to actually get your credit card statement via snail-mail.
I understand it is wasteful, but I go on an evening walk and pick up the mail.
The effort for me to pick up the mail and read my credit card statement is actually quite nice.
It doesn't require you to sign in, and search my house for my phone or my YubiKey, it doesn't prompt me for other credit card offers, doesn't require me to download a PDF reader.
Brian Krebs is a saint for being the perennial punching bag and target of cybercriminals but continuing to publish important information independently.
This attack is called email amplification. Any open form that triggers email sending is vulnerable. Fortunately these bots are pretty basic in my experience, putting a captcha (or anything unexpected) in front is enough to stop these bots.
Yeah I got enough of these from discord, that I emailed their abuse@ and put in a support ticket, but they ignored me. Nice to have it confirmed. I ended up doing a password rotation on the off chance it was me.
Another fun Zendesk “feature,” that, to my knowledge, has never been fixed is if you CC it on a thread with any other email address that auto-replies, it will get stuck in a loop and ping-pong emails back and forth until the mailbox fills up.
If you start getting an email bombed out of nowhere, being signed up for hundreds of newsletters or other email notifications, take a quick look at your credit card statements for any unknown purchases. Email bombs are often used by card thieves to hide legitimate purchase notifcation email from retailers when they use your stolen creds.
Better yet, setup transaction alerts on all your credit cards, and use a budgeting app like Monarch/YNAB to review all your household transactions each month or receive weekly email summaries.
> Monarch/YNAB
Yeah, right. Let some thirds party app collect all your info in their secure cloud. Do you also give Monarch login to your bank account?
Another reason to actually get your credit card statement via snail-mail.
I understand it is wasteful, but I go on an evening walk and pick up the mail.
The effort for me to pick up the mail and read my credit card statement is actually quite nice.
It doesn't require you to sign in, and search my house for my phone or my YubiKey, it doesn't prompt me for other credit card offers, doesn't require me to download a PDF reader.
Brian Krebs is a saint for being the perennial punching bag and target of cybercriminals but continuing to publish important information independently.
This attack is called email amplification. Any open form that triggers email sending is vulnerable. Fortunately these bots are pretty basic in my experience, putting a captcha (or anything unexpected) in front is enough to stop these bots.
You know, combing "bomb" with LAX makes me think really different things for awhile until my parser finally woke up ...
Ah. This explains a bunch of odd emails I received all at the same time last week.
Yeah I got enough of these from discord, that I emailed their abuse@ and put in a support ticket, but they ignored me. Nice to have it confirmed. I ended up doing a password rotation on the off chance it was me.
I was kinda confused why I got one from company that really doesn't even operate here and what was the vector with it...
Yeah, I got like 50 from bugcrowd. I figured someone found a bug somewhere, lol.
Another fun Zendesk “feature,” that, to my knowledge, has never been fixed is if you CC it on a thread with any other email address that auto-replies, it will get stuck in a loop and ping-pong emails back and forth until the mailbox fills up.