The University has recently received a Police notification regarding increased fraud activity targeting students and young people in the north east of Scotland. This specific fraud utilises victims compromised personal Microsoft accounts to purchase new games consoles for delivery to an unknown address.
Hackers and scammers are well versed in compromising user accounts and using them for nefarious purposes. They can do this by using phishing emails and leaked/weak passwords among many other tactics.
In this case, the attackers used an additional tactic known as an email bomb to cause confusion for the victims and delay the discovery of the fraud.
What is an Email Bomb?
An email bomb is a type of cyberattack where the target’s email inbox is flooded with massive volumes of emails. These emails can come in the form of newsletters, subscriptions, spam messages, or other forms of unsolicited mail. They are easy for attackers to implement but can cause significant disruption.
In this case, the email bomb is being used to hide the email notifications regarding the fraudulent change of delivery address and purchase of the console. The notifications are buried under large amounts of junk email, potentially allowing the delivery to be completed before the victim has discovered the fraud.
How can I protect myself?
If you notice a sudden influx of spam emails, or newsletter style emails for services you have not signed up for, you should take the following steps as soon as possible:
- Check all your financial accounts/credit cards directly for any unauthorised purchases. If you discover anything suspicious, contact the service provider immediately.
- Search your mailbox for email notifications from important accounts, including financial, online shopping, and social media. Look for any signs of unauthorised purchases or changes to your accounts, such as the addition of an unknown secondary email address or contact number (which could be used to regain access to the account later).
- Change passwords on any accounts which have been accessed fraudulently.
- Ensure you use strong, unique passwords for all accounts, and enable multi factor authentication (MFA), especially if they facilitate financial transactions.
- Utilise the services of a reputable credit checking agency to reduce your risk of identity theft.
- Use email filters to sort junk mail from important/legitimate email.
Report Suspicious Activity:
If your University account has become the victim of an email bomb, or if you suspect any other type of illegitimate activity, contact the Service Desk immediately.