23 July 2012

"Spamflooding"

It was early October 2011, and I was on the treadmill checking email from my phone when I noticed several hundred new messages had arrived since I last looked at my Gmail inbox just 20 minutes earlier. I didn’t know it at the time, but my account was being used to beta test a private service now offered openly in the criminal underground that can be hired to create highly disruptive floods of junk email, text messages and phone calls.

Many businesses request some kind of confirmation from their bank whenever high-dollar transfers are initiated. These confirmations may be sent via text message or email, or the business may ask their bank to call them to verify requested transfers. The attack that hit my inbox was part of an offering that crooks can hire to flood each medium of communication, thereby preventing a targeted business from ever receiving or finding alerts from their bank...

If you run a small business and one day find yourself on the receiving end of one of these email, SMS and/or phone floods, I’d advise you to find a mobile phone that isn’t being blocked and alert your financial institution to be especially vigilant for suspicious transactions.
Further details of this process, which can send 100,000 emails to your mailbox, at KrebsOnSecurity, via BoingBoing.

No comments:

Post a Comment