What is email bombing?

Also known as “subscription bombing,” email bombing is when you suddenly get a bunch of emails, from various websites, all at once. They’re all confirming things you never signed up for, and all of them are addressed to your actual email.

Using automated scripts that locate forums, newsletters, and other sites online, your info is automaticly entered. And because it’s an automated process, a bad actor can signe you up to hundreds of sites pretty quick—and have hundreds of emails on their way to you, all at once. The sheer volume of messages in an email bomb can be overwhelming, even causing Outlook to choke—and that’s the point. To disorient you. Why?

Why you might be email bombed

Here are three possible reasons why it’s happening to you:

• A prank: The least security-driven reason behind an email bomb is pranking you. It is annoying. It is the digital equivalent of signing people up for magazine subscriptions.
• Malicious links: You could be tricked into clicking on malicious links buried in the “unsubscribe” portion of the text. You get a bunch of mysterious, unwanted emails from legitimate businesses or sites, so you click the “unsubscribe” without thinking too much about it—exactly what they want you to do-and then your computer is compromised.
• Distraction: This is the most likely—and dangerous. Someone has compromised a credit card, bank account or something, and then made illicit purchases, or made some changes to your accounts they don’t want you to see. So, they bomb your email so that you miss any important communications or notices buried in the truckload of email that got dropped into your mailbox.

Scammers hope that you’ll just mark everything as spam and delete it without paying close attention, missing important emails informing you of charges, changes to your accounts (like passwords or two-factor settings), or other scams.

Bottom line

If your mailbox is unexpectedly inundated with a ton of email by an email bomb, don’t assume it’s a prank or a mistake—assume you’re under attack. Don’t click any links in the email, open attachments or reply to the emails. While you do want to review them for any legit emails or notifications, you also want to be cautious. Sometimes email filters can be turned to help, but nothing beats an informed user.