Flood of spam email? It may be a screen for fraud

If you get hit with an avalanche of obvious spam email, that's one problem. But it may also be an effort to distract you from a much bigger problem: fraudulent purchases and bank transactions made with your stolen identity and credentials.

Fred Touchette, a security analyst manager at AppRiver, wrote in a blog post recently of a Distributed Spam Distraction (DSD) technique, saying that he is seeing it several times a year. "It hasn't quite caught on yet, but you never know," he wrote.

Touchette told CSO Online that he coined the term after observing it for the past several years. "I was trying to think of something descriptive and catchy, along the lines of DDoS (Distributed Denial of Service), since they operate in a similar fashion," he said.

The targets are individuals, whose identity and personal information the thieves already have. The victims' email inboxes suddenly get flooded with thousands upon thousands of emails -- as many as 60,000 during a 12- to 24-hour period -- that contain no links, no graphics, and no advertisements. "[The contents are] nothing but mash-ups of words and phrases from literature," he wrote.

Screen shots of several emails show what is essentially gibberish. "Every email is different as well, nearly perfectly randomized, though if you comb through them carefully, you will begin to see some repeated content," Touchette wrote. "The emails themselves are obviously botnet-delivered too, because all of the senders are different, usually freemail providers, the sending IPs are all different, and the rate at which they're arriving would make one's head spin."

Although the flood makes the email account almost unusable while it is under way, that is not the real point. The point is to bury legitimate email, which will likely include purchase confirmations or balance-transfer notices generated by the fraudulent transactions made with the victim's credentials.


"The attackers, just before they make the illegal transactions, turn on this deluge of spam email in order for these very important emails to get lost in the flood. Once the bad guys are done with their activities they'll stop the flood," Touchette wrote.

Others have noticed the technique, but like Touchette, they say it is not yet common. "At the moment, we have only heard about sporadic attacks and have not seen these attacks as a group or trend yet," said Liam O Murchu, manager of Security Response Operations for NAM for Norton by Symantec.

Murchu said the distraction or flooding technique is not confined to email either. "We have also heard reports of users receiving continuous phone calls in order to prevent the fraud department of banks from reaching the victim," he said, "and although details are sparse right now, we have also heard reports about this smoke-screen method being used to hide text messages from banks."

Neither Touchette nor Murchu have statistics on how successful the technique is, where the attacks originate or how many have been victimized, but they said it can be very successful when aimed at those who don't know what is going on and are overwhelmed by the amount of email.

"If victims don't realize there's something else going on, they can be tempted to ignore all of that day's email or simply delete their inbox en masse," Touchette said. "Once they do that, they won't find out about the attack until their monthly statements arrive, which could be too late to do anything about it."

He said the best way to prevent such attacks is to practice good online safety: regularly monitoring accounts for any suspicious activity, keeping separate accounts for specific uses, never using a debit card for an online transaction, and never conducting a sensitive transaction over public or unencrypted Wi-Fi.

If the flood of email does start, however, Touchette wrote in his blog post that the best thing to do is ignore the email and go directly to your account activity. "Possibly give any that may be at risk a call in advance, which may sound daunting but not as daunting as sifting through tens of thousands of emails over a 24-hour period waiting for the one with the clue," he said.

"These often need to be caught fast so that they can be stopped at the financial institution before they're finalized," he said.
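The indicators Touchette describes above (thousands of messages in a short window, nearly every one from a different sender and IP, no links or images) and the advice to go straight to the account activity rather than sift the inbox can both be turned into a small triage script. The following is an added example, not code from AppRiver, Touchette or CSO Online. It assumes mail is available as a list of dictionaries with a timestamp, sender, source IP, subject and body; the domains (examplebank.test, the freemail hostnames), the watch-list keywords, the rate threshold of 30 per hour (real floods run to thousands) and the sample mailbox are all constructed for the demonstration. It also assumes no SPF/DKIM result is available, so a watch-list hit is a prompt to check the account directly, not proof the notice is genuine.

```python
"""Triage a mailbox during a suspected Distributed Spam Distraction (DSD) flood."""
import random
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed vocabulary and hostnames for the sample mailbox (not real data).
WORDS = ("whale", "harbor", "lantern", "midnight", "captain", "orchard",
         "velvet", "thunder", "quill", "meadow", "compass", "ember")
FREEMAIL = ("mail.example", "webmail.example", "freemail.example")

URL_RE = re.compile(r"https?://|www\.|<a\s|<img\s", re.I)
# Words that typically appear in the purchase/transfer notices the flood is meant to hide.
WATCH_RE = re.compile(r"\b(transfer|purchase|order|receipt|confirm\w*|payment|statement)\b", re.I)


def has_links(text):
    """DSD filler contains no links or images; transactional mail usually does."""
    return bool(URL_RE.search(text))


def _gibberish(rng):
    return " ".join(rng.choice(WORDS) for _ in range(rng.randint(8, 20)))


def build_sample_mailbox(seed=7, flood_size=40):
    """Constructed sample: one normal message at 08:00, a 30-minute burst of
    botnet-style gibberish from distinct freemail senders/IPs starting 10:00,
    and one (assumed) bank transfer notice buried in the burst at 10:12."""
    rng = random.Random(seed)
    start = datetime(2013, 5, 6, 10, 0)
    msgs = [{"ts": datetime(2013, 5, 6, 8, 0), "sender": "alice@colleague.example",
             "ip": "198.51.100.7", "subject": "Lunch?",
             "body": "Are we still on for noon? http://cafe.example/menu"}]
    octets = rng.sample(range(1, 255), flood_size)   # distinct sending IPs
    for i in range(flood_size):
        msgs.append({"ts": start + timedelta(seconds=rng.randint(0, 1800)),
                     "sender": f"{rng.choice(WORDS)}{i}@{rng.choice(FREEMAIL)}",
                     "ip": f"203.0.113.{octets[i]}",
                     "subject": _gibberish(rng)[:30], "body": _gibberish(rng)})
    msgs.append({"ts": start + timedelta(minutes=12), "sender": "alerts@examplebank.test",
                 "ip": "192.0.2.10", "subject": "Transfer confirmation",
                 "body": "A transfer of $2,400.00 was sent from your account. "
                         "Details: https://examplebank.test/activity"})
    return sorted(msgs, key=lambda m: m["ts"])


def window_stats(messages, window_minutes=60):
    """Per-window volume, sender/IP diversity and linkless fraction.
    Windows are measured from the earliest message, so bucketing does not
    depend on the local time zone."""
    if not messages:
        return []
    anchor = min(m["ts"] for m in messages)
    window = timedelta(minutes=window_minutes)
    buckets = defaultdict(list)
    for m in messages:
        buckets[(m["ts"] - anchor) // window].append(m)
    stats = []
    for idx in sorted(buckets):
        batch, n = buckets[idx], len(buckets[idx])
        stats.append({
            "start": anchor + idx * window,
            "count": n,
            "distinct_sender_ratio": len({m["sender"] for m in batch}) / n,
            "distinct_ip_ratio": len({m["ip"] for m in batch}) / n,
            "linkless_ratio": sum(not has_links(m["body"]) for m in batch) / n,
        })
    return stats


def flood_windows(messages, rate_threshold, window_minutes=60,
                  diversity=0.9, linkless=0.9):
    """Windows matching the DSD signature: far more mail than usual, almost
    every message from a different sender and IP, and almost no links."""
    return [s for s in window_stats(messages, window_minutes)
            if s["count"] >= rate_threshold
            and s["distinct_sender_ratio"] >= diversity
            and s["distinct_ip_ratio"] >= diversity
            and s["linkless_ratio"] >= linkless]


def watchlist_hits(messages, watch_domains):
    """Surface mail from the financial/merchant domains the user actually uses,
    so the notice with the clue is read rather than deleted with the flood.
    The sender domain is unauthenticated here (assumption: no SPF/DKIM data),
    so hits are prompts to check the account directly, not proof."""
    hits = []
    for m in messages:
        domain = m["sender"].rsplit("@", 1)[-1].lower()
        if domain in watch_domains and WATCH_RE.search(m["subject"] + " " + m["body"]):
            hits.append(m)
    return hits


if __name__ == "__main__":
    mbox = build_sample_mailbox()
    for w in flood_windows(mbox, rate_threshold=30):
        print(f"possible DSD flood from {w['start']}: {w['count']} messages, "
              f"{w['linkless_ratio']:.0%} without links")
    for hit in watchlist_hits(mbox, {"examplebank.test"}):
        print(f"check this account now: {hit['sender']} / {hit['subject']}")
```

The thresholds are deliberately parameters: in production the rate threshold should be derived from the mailbox's own baseline (the article's 60,000 messages in 12 to 24 hours is orders of magnitude above any normal inbox), and the watch-list should be the user's own banks and merchants, since a flood built from freemail senders will never match it.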

Stories by Taylor Armerding