Yesterday I ran across an identity fraud technique that I see several times a year. This technique is highly targeted towards a specific individual, and is difficult to block in its entirety. It’s also difficult to understand if you have no idea what is happening. I call it the DSD Technique, standing for Distributed Spam Distraction Technique. It hasn’t quite caught on yet, but you never know.
After a blast lasting anywhere from 12 to 24 hours an inbox will receive around 60,000 of these benign seeming annoyances, and then suddenly they’ll just stop. After the binary dust settles you’ll wonder what the point was. While it certainly makes it nearly impossible to use your email, it actually had one specific goal in mind, distracting you from your actual valid email. The people behind this spam blast have somehow obtained personal account information for their target as well as their proper email address. In order to hide account transaction information confirmation emails, such as purchase receipts or balance transfers which now arrive instantly via email, the attackers, just before they make the illegal transactions, turn on this deluge of spam email in order for these very important emails to get lost in the flood. Once the bad guys are done with their activities they’ll stop the flood.
The best thing to do if someone notices this happening is not to try to monitor their email, but instead go directly to their account(s) activity. Possibly give any that may be at risk a call in advance. Which may sound daunting, but not as daunting as sifting through tens of thousands of emails over a 24 hour period waiting for the one with the clue. These often need to be caught fast so that they can be stopped at the financial institution before they’re finalized. Play it safe and if something seems fishy like in this scenario it probably is. Good safety precautions when preforming any transaction online is key to help prevent things from getting to this point to begin with.