Suped

What are the best practices for handling a list bombing attack and account compromise?

Summary

In the event of a list bombing attack and potential account compromise, a multi-faceted approach is crucial. It begins with understanding the scope of the breach and identifying affected accounts, especially high-value ones like banking and email. Immediate actions include carefully monitoring financial accounts for suspicious activity, contacting your ESP to mitigate malicious subscriptions, and setting up fraud alerts with credit bureaus. Enhancing account security by changing passwords (except during the height of the attack), enabling two-factor authentication, and using password managers is vital. Being vigilant for phishing attempts and regularly reviewing app permissions are also key. Long-term protection involves opting out of data broker sites and adjusting privacy settings. Remember that the attack will likely subside in 48 hours. Finally, report incidents to authorities like the FTC and consider identity protection services for ongoing security.

Key findings

  • Scope and Target: List bombing often masks another attack. Be aware that you might be targeted to distract you from other events, such as an attempted account takeover.
  • Phishing: High-value accounts are the likely target. Always be on the lookout for phishing attempts on financial, social media and email accounts.
  • Initial Actions: Contact your ESP to purge bad subscriptions. Monitor accounts.
  • Password Management: Change compromised passwords after the initial attack, use a password manager, and enable 2FA.
  • Financial Safety: Set up fraud alerts with credit bureaus and monitor for suspicious activity on financial accounts. Consider a credit freeze.
  • Long-term Strategy: Opt out of data brokers, review privacy settings, and consider identity protection services.
  • Attack Duration: Expect most of the attack volume to subside within 48 hours.
  • Deliverability Impact: List bombing can significantly impact deliverability as mailbox providers throttle or block the email account.

Key considerations

  • Distraction factor: Assume the list bombing is designed to distract you from other events that are occurring, so be extra vigilant.
  • Reporting the crime: Report any evidence of a crime to the authorities, especially if money was lost. Do this early so it's not forgotten later.
  • Password resets: Never reset your password during an ongoing attack. Wait until it subsides and ensure the computer is free of malware, then use a password manager with two-factor authentication to make changes.
  • Account Organization: Use groups or aliases to help sort the accounts and filter by sender.
  • Think long-term: Take proactive steps to reduce exposure, such as opting out of data broker sites. Use a password manager.
  • Third-party Permissions: Check the permissions of third-party apps connected to your social media and email accounts, and revoke them as needed.
  • Leverage Support: Contact fraud support teams to ensure that all is being handled correctly.

What email marketers say

22 marketer opinions

In the event of a list bombing attack and potential account compromise, the primary focus should be on securing sensitive accounts and preventing further unauthorized access. Immediate actions include identifying the scope of the breach, changing passwords (except during the initial attack phase), enabling two-factor authentication, and monitoring financial accounts for suspicious activity. It is recommended to contact ESPs to purge malicious subscriptions, consider using a password manager with unique passwords, and be wary of phishing attempts. Additionally, measures such as placing credit freezes, opting out of data brokers, and adjusting privacy settings can help mitigate long-term risks.

Key opinions

  • Scope of Breach: Identify affected accounts, prioritizing high-value ones like banking and email.
  • Password Security: Change passwords (after the initial attack), use a password manager for unique, strong passwords. Avoid resetting passwords during the initial flooding.
  • Two-Factor Authentication: Enable 2FA on all possible accounts for an extra layer of security.
  • Financial Monitoring: Closely monitor financial accounts and credit reports for unauthorized activity; set up fraud alerts and consider a credit freeze.
  • Phishing Awareness: Be cautious of phishing attempts, as attackers may leverage compromised information.
  • Contacting ESPs: Reach out to ESPs to purge malicious subscriptions and mitigate the list bombing.

Key considerations

  • Timing of Password Changes: Avoid changing passwords during the initial list bombing phase to prevent potential lockouts due to malicious password reset attempts.
  • Long-Term Protection: Consider using tagged email aliases and adjust privacy settings to limit future exposure.
  • Reporting Incidents: Report incidents of fraud or identity theft to relevant authorities like the FTC.
  • Proactive Measures: Opt out of data broker sites and regularly review app permissions to minimize personal data exposure.
  • Credit Union support: Leverage fraud support from banks or credit unions as a primary course of action.
  • Account monitoring: Use services like “Have I Been Pwned” to monitor for potential breaches.

Marketer view

Marketer from Email Geeks suggests reaching out to the various ESPs, explaining that you are being maliciously added to accounts/lists, and asking for a purge of subscriptions for the last X timeframe.

15 Jun 2023 - Email Geeks

Marketer view

Email marketer from Reddit advises reporting the incident to relevant authorities, such as the FTC or local law enforcement, especially if identity theft or financial fraud has occurred.

26 Apr 2022 - Reddit

What the experts say

7 expert opinions

In the event of a list bombing attack, immediate steps should be taken to mitigate the damage. It's crucial to monitor emails closely, especially those related to password resets or sensitive accounts, and to update security measures like passwords and two-factor authentication. Creating inbox rules to filter out subscription confirmation emails can help manage the volume. Contacting your ESP is important to help mitigate the attack. Although the bulk of the attack might subside within a couple of days, list bombing can negatively impact email deliverability by causing throttling or blocking by mailbox providers.

Key opinions

  • Attack Duration: The main volume of a list bombing attack usually subsides within 48 hours.
  • Email Monitoring: Closely monitor emails for password reset requests and suspicious activity on sensitive accounts.
  • Security Updates: Update email passwords, enable two-factor authentication, and run malware scans.
  • Inbox Rules: Create inbox rules to filter out subscription confirmation emails.
  • ESP Contact: Contact your Email Service Provider (ESP) for assistance in mitigating the attack.
  • Deliverability Impact: List bombing can lead to throttling or blocking by mailbox providers, affecting email deliverability.

Key considerations

  • Proactive Filtering: Set up rules to automatically delete subscription confirmation emails to reduce clutter.
  • Kickbox integration: Implement measures to mark the compromised email address as undeliverable for new sign-ups.
  • Ongoing Monitoring: Continue to monitor accounts even after the initial attack subsides.
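
The inbox rule and inbox search recommended in this section can be combined into one triage pass, shown here as an added Python example that is not part of the original page. The phrase lists, function names and sample messages are assumptions constructed for illustration; security-related mail is matched first so it is never filtered out with the subscription confirmations.

```python
import email
import re
from collections import defaultdict
from email import policy

# Assumed phrase lists for illustration; tune them to your own mailbox.
SECURITY_RE = re.compile(
    r"password reset|reset your password|successful login|new sign-?in|"
    r"security alert|verification code", re.I)
SIGNUP_RE = re.compile(
    r"confirm your (subscription|email)|thanks for (subscribing|signing up)|"
    r"welcome to", re.I)

def triage(raw: bytes) -> str:
    """Return 'review', 'noise' or 'inbox' for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    text = str(msg.get("Subject", "")) + "\n" + (part.get_content() if part else "")
    # Security phrases are checked first so an account alert is never
    # filed away with the sign-up flood, even if it carries bulk headers.
    if SECURITY_RE.search(text):
        return "review"
    if msg.get("List-Unsubscribe") or SIGNUP_RE.search(text):
        return "noise"
    return "inbox"

def triage_mailbox(raw_messages):
    """Group message subjects by triage bucket."""
    buckets = defaultdict(list)
    for raw in raw_messages:
        subject = email.message_from_bytes(raw, policy=policy.default)["Subject"]
        buckets[triage(raw)].append(str(subject))
    return dict(buckets)

def _msg(sender, subject, body, bulk=False):
    # Constructed sample message; all addresses use reserved .example domains.
    extra = "List-Unsubscribe: <mailto:unsub@lists.example>\n" if bulk else ""
    return f"From: {sender}\nSubject: {subject}\n{extra}\n{body}\n".encode()

SAMPLES = [
    _msg("news@shop.example", "Please confirm your subscription", "Click to confirm.", bulk=True),
    _msg("hello@forum.example", "Welcome to the forum", "Thanks for signing up."),
    _msg("alerts@bank.example", "Your password reset request", "We received a request."),
    _msg("no-reply@social.example", "Successful login from a new device", "Was this you?", bulk=True),
    _msg("friend@mail.example", "Lunch tomorrow?", "Noon works for me."),
]

if __name__ == "__main__":
    for bucket, subjects in triage_mailbox(SAMPLES).items():
        print(bucket, subjects)
```

Messages in the "review" bucket are the ones to read during the attack; a newsletter that merely mentions a password reset will also land there, which errs on the safe side.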

Expert view

Expert from Email Geeks advises keeping an extra close eye on emails trying to reset passwords or access sensitive accounts like banking or other financial accounts, along with your social accounts. Possibly run a search of your inbox for terms like password reset, successful login, or other terms like this.

3 Mar 2022 - Email Geeks

Expert view

Expert from Email Geeks explains that there isn’t much you can do. One of their addresses got bombed a few years ago (targeted harassment) and most of the volume passed in 48 hours or so.

16 Aug 2022 - Email Geeks

What the documentation says

4 technical articles

Following an account compromise, security documentation emphasizes immediate and thorough action. It's crucial to change passwords for all affected accounts, prioritizing those with shared passwords, and to enable multi-factor authentication for enhanced security. Continuous monitoring of financial accounts, credit reports, and credit card statements is essential to detect and report any unauthorized activity. Running a full system scan with anti-malware software can help remove any malicious software. Reviewing and revoking permissions granted to third-party apps connected to email and social media accounts reduces the risk of unauthorized access.

Key findings

  • Password Changes: Change passwords for all affected accounts, particularly those with shared passwords.
  • Multi-Factor Authentication: Enable multi-factor authentication (MFA) on all accounts where available.
  • Financial Monitoring: Monitor financial accounts, credit reports, and credit card statements for unauthorized activity and report any suspicious transactions immediately.
  • System Scan: Run a full system scan with reputable anti-malware software to detect and remove any malicious software.
  • App Permissions: Review permissions granted to third-party apps connected to email and social media accounts and revoke access for any apps no longer used or not recognized.

Key considerations

  • Timeliness: Take these steps immediately upon detecting a compromise.
  • Thoroughness: Ensure all affected accounts are addressed, and permissions are thoroughly reviewed.
  • Reporting: Report any suspicious transactions or signs of identity theft to the relevant authorities.

Technical article

Documentation from the Federal Trade Commission advises closely monitoring bank accounts, credit card statements, and credit reports for any unauthorized activity and reporting any suspicious transactions immediately.

14 Dec 2023 - Federal Trade Commission

Technical article

Documentation from CISA (Cybersecurity and Infrastructure Security Agency) recommends running a full system scan with reputable anti-malware software to detect and remove any malicious software that may have been installed during the compromise.

23 Nov 2022 - CISA
