If you start suddenly getting email/spam "bombed" there's probably a reason

I'm not 100% sure how well this fits here (it is financial), but I wanted to warn as many people as possible.

Last week on Tuesday morning I was sitting at my desk and suddenly started getting emails. Lots, and lots, and lots of them. 30-40 every minute. They were clearly spam. Many of them had Russian or Chinese words, but random.

I called one of our IT guys and he confirmed it was just me. And the traffic was putting a strain on our mail server so they disabled my account. By that point I had over 700 emails in my inbox. They were bypassing the spam filter (more on that later). After a different situation that happened a few months ago, I've learned that things like this aren't random.

So I googled "suddenly getting lots of spam". Turns out, scammers do this to bury legitimate emails from you, most often to hide purchases. I started going through the 700+ emails one by one until I found an email from Amazon.com confirming my purchase of 5 PC graphics cards (over $1000).

I logged into my Amazon account, but didn't see an order. Then I checked - sure enough those cheeky bastards had archived the order too. I immediately changed my password and called Amazon.

I still haven't heard from their security team HOW the breach happened (if they got into my Amazon account by password, or did a "one time login" through my email). The spam made it through our spam filter because the way this spam bomb was conducted, they use bots to go out to "legitimate" websites and sign your email up for subscription etc. So then I'd get an email from a random Russian travel site, and our filters let it through.

Either way - we got the order cancelled before it shipped, and my email is back to normal - albeit different passwords.

And I honestly thought about shipping a box of dog crap to that address (probably a vacant house) but I decided against mailing bio-hazardous waste.

Either way - if you see something suspicious - investigate!

Edit: Thanks for all the great input everyone. Just finished putting 2FA on every account that allows it. Hopefully keep this from happening again!
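
The pattern described in this post (a flood of sign-up mail from many unrelated, legitimate senders burying one transactional message) can be triaged mechanically. The following is an added example, not part of the original post; the message dictionaries, the `WATCHED_DOMAINS` and `TRANSACTION_WORDS` lists, the thresholds and the sample mailbox are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from email.utils import parseaddr

# Assumptions: adjust both lists to the accounts you actually hold.
WATCHED_DOMAINS = {"amazon.com", "verizon.com"}
TRANSACTION_WORDS = ("order", "purchase", "receipt", "shipped", "payment")

def sender_domain(from_header):
    """Lowercased domain part of a From header."""
    return parseaddr(from_header)[1].rpartition("@")[2].lower()

def flood_span(messages, window, threshold):
    """(start, end) covering every sliding window with >= threshold messages, else None."""
    times = sorted(m["date"] for m in messages)
    start = end = None
    lo = 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:
            lo += 1
        if hi - lo + 1 >= threshold:
            start = times[lo] if start is None else start
            end = t
    return None if start is None else (start, end)

def triage(messages, window=timedelta(minutes=10), threshold=100):
    """Detect a flood and list the messages a reader should open first."""
    span = flood_span(messages, window, threshold)
    if span is None:
        return None
    # The confirmation being buried can arrive just before the flood starts.
    lo, hi = span[0] - window, span[1]
    nearby = [m for m in messages if lo <= m["date"] <= hi]
    def suspicious(m):
        d = sender_domain(m["from"])
        watched = any(d == w or d.endswith("." + w) for w in WATCHED_DOMAINS)
        return watched or any(k in m["subject"].lower() for k in TRANSACTION_WORDS)
    return {"span": span,
            "distinct_senders": len({sender_domain(m["from"]) for m in nearby}),
            "review_first": [m for m in nearby if suspicious(m)]}

def sample_mailbox():
    """Constructed data: 300 sign-up mails in 10 minutes plus one order confirmation."""
    t0 = datetime(2019, 5, 7, 9, 0)
    box = [{"date": t0 + timedelta(seconds=2 * i), "from": f"News <hello@site{i}.example>",
            "subject": "Welcome, thanks for signing up"} for i in range(300)]
    box.append({"date": t0 - timedelta(minutes=1), "from": "Amazon <order-update@amazon.com>",
                "subject": "Your Amazon.com order confirmation"})
    return box
```

A high `distinct_senders` count is the signal that per-sender spam rules will not help; the short `review_first` list is what to read before clearing the rest.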

level 4

Can you elaborate on what you mean? Why would his email addresses show up on the internet? I only found these email addresses on my credit report because he tried to open accounts with them, not really sure how they could show up on a web search.

level 5

Excel sheets, webpages, logs, complaints (maybe someone else posted his email as a complaint) could be any number of reasons... try searching your own email and see what you get.

level 2
Original Poster 272 points · 1 month ago

Yes!

level 2
39 points · 1 month ago

Why wouldn’t they just change their email in .3 seconds?

level 3
106 points · 1 month ago

The contact email was coded into whatever bug got onto our server.

Upon logging into the server, I was presented with a page that said (roughly) "All your files have been encrypted! Here is your identification code, contact this email address to get the decryption key. You have three days before decryption becomes impossible."

So, they cast a wide net, find servers with poor security, infect them automatically and then their victims reach out to the email address if they've got irreplaceable files encrypted.

So at the very least, the scammers will probably have to register a new address, and update their software with it.

I was happy with causing them any inconvenience.

level 4
14 points · 1 month ago

I'm not too knowledgeable about these things so maybe there is a simple explanation to this but isn't this also bad for the people that got the ransomware and paid to get their information back?

Like won't the payment confirmation be lost in the spam emails?

level 5
85 points · 1 month ago

It's a bit of a moral dilemma.

On one hand, there may have been people trying to pay ransoms for their data who had their messages lost in my deluge of emails.

On the other hand, there is zero guarantee that the ransomers would have returned a valid decryption key--you have to pay them $7,000 entirely on faith. Did I lose them their files forever, or save them from losing an extra $7,000? There's a significant chance the ransomers wouldn't have lifted a finger to help them after the bitcoin cleared.

On top of the dilemma of "deciding" other people's outstanding ransoms by killing the point of contact, there's--I think--a greater responsibility to not further finance and enable these thieves.

If you pay, they will grow like a cancer, extorting more and more people with better, more insidious tools they can afford to develop. They need to be starved. There needs to be no negotiation with terrorists.

At least, that's easy to say when it isn't your job/secrets/memories/records on the line.

level 1
3.1k points · 1 month ago · edited 1 month ago

These are commonly referred to as "mail bombs" and I have seen several of these with different clients over the years. In fact, one of my clients had this happen last week to hide a credit card transaction of over $4,000.


With all of the data breaches that have been happening over the last few years this is unfortunately going to become more and more common. Here's a few suggestions:


  1. Use a password manager and use secure passwords. Using the password generator in the password manager is the best approach if at all possible.

  2. Set up 2FA on every account that you can, especially your e-mail accounts. Use an authenticator like Google Authenticator and use SMS as a last resort.

  3. Be wary of sites that you sign up for and what information you provide.

  4. Regularly check your computer for malware/viruses. There are several out there that install "key loggers" on your computer or device to intercept your passwords as you type them in. Running regular checks of your devices with multiple scanners (Malwarebytes, ESET online scanner, Emsisoft Emergency Kit, TDSSKILLER, etc) is the best way to make sure you are clean.

  5. Set up alerts on all financial accounts, particularly on bank and credit card accounts. I have alerts set up for any transaction $1.00 or more (or whatever the minimum is) and receive SMS and e-mail alerts the moment a transaction happens.

Glad you caught this so quickly and avoided a much bigger problem. Amazon's customer service is the best in the industry so I am not sure why that experience was "weird" for you. You mentioned they were dodgy. I would imagine this situation was not something that the lower level customer service reps deal with. They're likely used to the typical "process my refund", "cancel my order", etc. type phone calls. The great thing about Amazon is it's very easy to cancel an order via the online portal. Change your password and set up 2FA.


What other scammers do in these cases if they have access to your e-mail is set up a filter to have these e-mails go straight to trash. They could set up a filter that would have any e-mails coming from Amazon bypass your inbox and go straight to trash. Honestly, this would have been the better way for them to do it but I would imagine they likely didn't have access to your e-mail account, which is why they wanted to flood the account instead.

level 2
Original Poster 757 points · 1 month ago

Thank you for your response. Yes, we don't believe they had access to the email.

By dodgy, I just mean that they kept saying "we will be in touch in 48 hours" but didn't. I used chat to ask them and the response was "2 more days please". Then after 2 days "We don't see a record of escalation to security team, we will do that now (5 days later)."

Turned out that it had been escalated and someone didn't close the ticket out. But they still won't tell me if they logged in directly or did a one time login.

I just turned on 2FA. Thanks!

level 3
297 points · 1 month ago

Most likely for security reasons they don't reveal too much information so people can't ask a bunch of questions to find out how Amazon authenticates.

level 4

I am a developer. Sometimes, I get involved in remote troubleshooting for a client. We may end up doing a lot of dirty work (custom versions of our products installed, verbose logging, all kinds of profiling, etc). Usually there's one or two developers involved, someone from the support team and someone who works for the client. We may end up fixing the problem right then and there or figure out that we need to address the issue with a later update. We, the developers, never inform the client or the support people about what the issue was or how we aim to fix it, that's not our job. Furthermore, there's a big chance that telling support about technical issues and their fix will be poorly understood and create communication problems. On top of that, even if I consider the fix trivial and I want to rush a patch in the next two hours, the person who decides what is released and when might have other plans. So for a lot of big companies developers just don't inform support about how the issue was fixed or investigated because that can create problems or can even end up in lies being told to the client.

level 5

Very well said. User name makes sense. I will say that support can get pressed to provide an explanation and we will have to come up with an analogy without disclosing details. All sorts of issues with API NDAs and all that.

level 4
57 points · 1 month ago

And of course if it was an employee they hide that too

level 5
Comment removed by moderator 1 month ago (41 children)
level 6
68 points · 1 month ago

If an employee can see your password in plaintext they are not a legit company from an IT security standpoint.

Take that, Facebook!

level 6
7 points · 1 month ago

Didn't Facebook have passwords in plain text internally?

Thought I heard something like that a few weeks or months ago.

level 7

Yeah, but that was by mistake, and in server logs, not where customer service staff was able to see it (or even know it was there). IIRC.

level 7

They were logging web traffic, which contained passwords. They were capturing your password by accident, the logs should have had the password field removed before being written to disk.

level 3

I have a client that had something similar except they were being signed up for hundreds of websites a minute. All of the incoming messages were 'welcome, and thanks for signing up' type of messages. Sure enough, their verizon account was compromised and someone bought several iphones.

level 4
Original Poster 27 points · 1 month ago

It was the same thing. That's how they got through the spam filter.

level 3
58 points · 1 month ago

> I just turned on 2FA

If you can, avoid 2FA with SMS and use instead something like Authy or Google Authenticator. Depending on how hard someone wants to target you, they could get your phone number onto a new SIM and receive the SMS. Also many people have SMS come through to their laptops, which lowers the security. Also SMS is unencrypted so people can listen in with a device like the Stingray.

Edit: missed in their comment they said to avoid SMS. I'm providing the reason why though :)

Also there was a time where many Youtubers got hacked because they used SMS 2FA.

level 4
11 points · 1 month ago

I've read that if you use Google Authenticator and lose your phone, you're SOL since they don't use backup. Shouldn't that be a deal breaker? I'm trying to decide which one to go with.

level 5
13 points · 1 month ago

Google Authenticator implements a standard protocol called Time-based One-Time Password which is not proprietary to Google. There are quite a few third-party apps that implement the same protocol, and they are interchangeable.

I use 1Password - I have it on my phone and on my computers at home. Its database contains the unique information necessary to generate my one-time passwords for various logins, and that database is synced via Dropbox. Even if I lose my phone and computers, I can re-sync to a new device and be right back up and running.

Though it occurs to me that if I turn on 2FA for Dropbox, then how do I get back in in the event of a catastrophic loss of devices (house fire, etc)? Hmm... I should probably research that.
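
As an added illustration of the comment above (not code from the commenter or from any authenticator app): a minimal RFC 6238 TOTP generator showing that any app holding the same secret, here taken from a constructed `otpauth://` provisioning URI, produces the same code, which is why a backed-up secret restores 2FA on a new device. The URI, label and secret are constructed sample values (the secret is the RFC 6238 test key).

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlparse

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP with HMAC-SHA1 and dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def parse_otpauth(uri: str) -> dict:
    """Extract the shared secret and parameters from an otpauth://totp/ URI."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a TOTP provisioning URI")
    q = parse_qs(parts.query)
    b32 = q["secret"][0].replace(" ", "").upper()
    b32 += "=" * (-len(b32) % 8)          # authenticator secrets often omit padding
    return {"secret": base64.b32decode(b32),
            "digits": int(q.get("digits", ["6"])[0]),
            "period": int(q.get("period", ["30"])[0])}

def totp(uri: str, unix_time: int) -> str:
    """Code that any RFC 6238 app holding this URI's secret shows at unix_time."""
    p = parse_otpauth(uri)
    return hotp(p["secret"], unix_time // p["period"], p["digits"])

def verify(uri: str, code: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Server-side check: accept the current step plus/minus drift_steps."""
    p = parse_otpauth(uri)
    now = unix_time // p["period"]
    return any(hmac.compare_digest(hotp(p["secret"], now + d, p["digits"]), code)
               for d in range(-drift_steps, drift_steps + 1))

# Constructed sample: the RFC 6238 test key ("12345678901234567890") in Base32.
SAMPLE_URI = ("otpauth://totp/Example:alice@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")

if __name__ == "__main__":
    print(totp(SAMPLE_URI, 59))   # same value on every device that holds the secret
```

The secret inside the URI is the only thing a replacement device needs, so whoever can read a backup of it can also generate the codes.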

level 5

Yes there's not a good way to back up the app, especially without root. This makes it more secure but yes if you don't have backup codes for the websites then you could get locked out

level 4
8 points · 1 month ago

My SMS show on my PC using the Android and Chrome plugin 'Join' (prior to that I used 'Air'). Is that a security risk? It's so useful but not enough to risk losing my savings if it's a real weak point. Almost everything with 2FA that I have, offers to send codes via SMS if I can't access my codes, surely then using an authenticator offers no better protection than SMS as a thief can just click to use alternative methods - or am I missing something?

level 5

The security risk with apps like Join is that someone could access the PC that Join is connected to. I haven't looked much into Join, but I'm sure it uses end-to-end encryption and it's not easy for someone to hack into your account so it is secure in those ways.

Also yes, if there's a way into your account with 2FA then you can be sure a hacker would just use that way around 2FA. I try to exclude my phone number from as many websites as possible because of this. But in the end, most websites cater to the bottom denominator which is someone who can't remember their simple short password used on every website and can't be bothered to use 2FA.
