We’ve seen an increase in customers reporting email bombs, specifically the Distributed Spam Distraction (DSD) attack, over the past couple of weeks. On Monday, 4/2/2018, 6 different attacks were reported to our teams. Fraudulent Best Buy pickup orders have been a common theme during these attacks; however, attackers may commit any type of identity theft or fraudulent activity. We recommend that victims begin by monitoring their accounts for any suspicious activity, then contact us for assistance in mitigating the email bomb.
Email Bombs Increasing in Frequency
Email bombs are classified in the cyber-security industry as a form of Denial of Service (DoS) attack. When the attack commences, the victim faces an insurmountable volume of messages that quickly fills up their mailbox. With enough volume, this effectively renders the mailbox useless. Victims try to make sense of why an avalanche of messages is suddenly filling up their account; however, this is no accident.
Motives for the attack vary from revenge to financial fraud. As mentioned in the DSD section of our 2017 Global Security Report, the attacks are usually meant to disguise some type of fraudulent activity taking place while the storm of emails distracts the victim. Fraudulent activity observed during these attacks ranges anywhere from unauthorized Russian airline ticket purchases to Apple store orders.
We recommend customers monitor their financial and retail accounts for any suspicious activity first, then contact us for assistance in mitigation.
Weak Website Newsletter & Form Sign-Up Verification
While methods of attack vary, most attacks we have observed use legitimate newsletter sign-ups from normal websites. This is a distributed denial of service (DDoS) attack, since messages originate from numerous sources. The email bombers use automated bots that crawl the web searching for newsletter sign-up pages and forms that don’t require a form of live-user authentication. Requiring live-user verification, something a real person would have to recognize and enter on the site before signing up, would help reduce this attack surface. Attackers maintain a list of these vulnerable sites. On demand, the bots sign an unlucky recipient up for all of these newsletters at once, which generates thousands of emails arriving immediately. That doesn’t include the annoying steady flow of newsletters that keep arriving over time after the initial attack.
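For mailbox triage during such a flood, the following added example (not code from this article or our products) finds the burst of sign-up mail from many distinct sender domains and surfaces the transaction notices buried inside it. The subject patterns, thresholds, the Msg record and every address in the sample data are assumptions constructed for illustration.

```python
from collections import namedtuple
from datetime import datetime, timedelta
import re

Msg = namedtuple("Msg", "received sender subject")

# Assumed heuristics (not from the article); tune them for your own mail flow.
SIGNUP_RE = re.compile(r"subscri|newsletter|confirm your (e-?mail|sign)|welcome to", re.I)
TRANSACTION_RE = re.compile(r"\border\b|receipt|purchase|pickup|itinerary|ticket|payment", re.I)

def find_bomb_window(msgs, window=timedelta(minutes=10), min_domains=20):
    """Return (start, end) of a sign-up flood: sign-up style mail from at least
    min_domains distinct sender domains inside one sliding window, else None."""
    signups = sorted((m for m in msgs if SIGNUP_RE.search(m.subject)),
                     key=lambda m: m.received)
    lo = 0
    for hi, m in enumerate(signups):
        while m.received - signups[lo].received > window:
            lo += 1  # slide the window start forward
        domains = {x.sender.rsplit("@", 1)[-1].lower() for x in signups[lo:hi + 1]}
        if len(domains) < min_domains:
            continue
        end = hi  # extend to the end of the continuous burst
        while end + 1 < len(signups) and \
                signups[end + 1].received - signups[end].received <= window:
            end += 1
        return signups[lo].received, signups[end].received
    return None

def buried_transactions(msgs, start, end, pad=timedelta(hours=1)):
    """Messages around the flood that look like transactions, not sign-ups."""
    return [m for m in msgs
            if start - pad <= m.received <= end + pad
            and TRANSACTION_RE.search(m.subject)
            and not SIGNUP_RE.search(m.subject)]

def sample_mailbox():
    """Constructed data: 40 sign-up mails in about 4 minutes plus one order notice."""
    t0 = datetime(2018, 4, 2, 9, 0)
    msgs = [Msg(t0 - timedelta(days=1), "friend@mail.example", "Lunch tomorrow?")]
    msgs += [Msg(t0 + timedelta(seconds=6 * i), f"news@site{i}.example",
                 "Please confirm your subscription") for i in range(40)]
    msgs.append(Msg(t0 + timedelta(minutes=2), "orders@retailer.example",
                    "Your order is ready for store pickup"))
    return msgs

if __name__ == "__main__":
    box = sample_mailbox()
    start, end = find_bomb_window(box)
    for m in buried_transactions(box, start, end):
        print(m.received, m.sender, m.subject)
```

Anything this returns is a lead to check against the corresponding financial or retail account, not proof of fraud.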
Dark Web Attacks for Hire
Unfortunately, there are many sellers and marketplaces on the dark web catering to anyone wishing to email bomb someone. These sellers will request the email address and the desired starting time for the email bomb. Rates vary for email bombs; however, the most “reputable” seller charges approximately $20 per 5000 messages, with price breaks for higher quantities ($40 for 20,000 and so on). Other, less common methods use bulk mailing software and stolen email accounts to create the email bomb. We’ve included some example advertisements below pulled from one of the most popular dark web markets.