GUEST ESSAY: Why any sudden influx of spam emails is an indicator of a likely security issue

By Zac Amos

We all get spam emails, and while it’s annoying, it’s not usually anything to worry about. However, getting a huge influx of spam at once is a warning sign. People suddenly getting a lot of spam emails may be the target of a sophisticated cyber-attack.

Related: How AI can relieve security pros

What causes spam emails? Someone leaking, stealing or selling account information can cause a sudden influx of spam emails. It may also be a part of a more targeted attack. There are four main causes of spam emails:

•Sold email: Websites sometimes sell email address information to third parties.

•Spam interaction: Previous interactions with spam are a signal to scammers. They send more messages when they know the account is active and possibly interested.

•Leaked email: Companies or third-party vendors put email address security at risk when they experience data breaches.

•Mailing list: Signing up for a mailing list may trigger spam. Even without hitting enter, simply typing the information into a website is enough for them to get ahold of it.

While these aren’t the only reasons, they’re the most common. An email address’s connection to personal information is valuable, so scammers try to access it.

Wider harm

So why does it matter if someone has your email? Typically, scammers want to get ahold of an email because it’s a gold mine of information. They can use it to trace online activity, find attached accounts and uncover personal data. And when they do so, they can bombard people with countless spam messages to cover up malicious actions or get them to abandon their addresses.


Sometimes, they can access emails even without action on their target’s part. Take the WhatsApp data breach of 2019, where hackers got the personal data of 1.5 billion people by using malware. As long as that information exists on servers somewhere, it’s a security issue.

What does a sudden influx of spam emails mean? If someone is suddenly getting a lot of spam emails simultaneously, they may be the victim of email bombing. It’s a type of distributed denial-of-service (DDoS) attack that uses a script to automatically send messages. Usually, it gets past spam filters by using legitimate websites. In that case, it would be a significant cybersecurity risk for businesses and individuals alike.

Attackers can’t access someone’s information by sending many messages simultaneously, but they can use it as cover. For example, attackers may hope people won’t notice purchase confirmations or password change requests when intermingled with an enormous amount of spam. Additionally, a sudden massive increase in traffic can compromise servers. It’s a serious cybersecurity concern.

Wise response

What should you do if you get email bombed?

There are four immediate steps people should take if they get email bombed.

•Create a second email. Once scammers have the original account information, they can take steps to get more personal and financial data. A separate email can protect information and keep things more secure. For example, people could use one to sign up for things and another for sensitive records.

•Check Your Bank Account. If someone suspects they’re a target of email bombing, they should check their bank account immediately. Reviewing recent and pending purchases reveals if anyone is attempting to use their credit card information. Ideally, they should turn off their card until they resolve the issue.

*Report and Delete. People may find it tempting to abandon their accounts when they get a sudden influx of spam emails, but that’s not the best option. It can be frustrating, but reporting and deleting everything is the best approach. They shouldn’t attempt to unsubscribe — even though it may reduce future spam — because it could install malware or direct them to an illegitimate website. Clicking anything during an attack is a cybersecurity concern.

•Change Passwords. It’s virtually impossible to know the extent of leaked information. To be safe, someone experiencing email bombing should change their accounts’ passwords. If the level of spam they’re receiving makes that impossible, they should set up multi-factor authentication instead. Any additional protection can help secure their personal information.

Spam emails are a security concern. Suddenly getting a lot of spam emails may be a signal of a DDoS attack to obtain personal data, compromise servers or misuse financial information. Individuals should be aware of the potential cybersecurity issue and secure their accounts immediately.

About the essayist: Zac Amos writes about cybersecurity and the tech industry, and he is the Features Editor at ReHack. Follow him on Twitter or LinkedIn for more articles on emerging cybersecurity trends.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone