A lot of people get a handful of spam in their email inboxes every day. While spam can be a nuisance, it only takes a few minutes to delete or block spam. But if you receive tens of thousands of spam all at the same time, a huge chunk of your time and energy will be wasted on dealing with them — and they might actually be hiding telltale signs that you're being attacked by cybercriminals. This tactic is called distributed spam distraction (DSD), and here’s what you need to know about it.
What is DSD?
DSD is a type of attack wherein cybercriminals inundate email inboxes with as many as 60,000 spam emails. These emails don’t contain dangerous links, ads, or attachments, just random excerpts of text taken from books and websites. But because of the sheer volume of these emails, deleting and blocking each one of them can be daunting. And worse, the email and IP addresses used to send them are all different, so victims can’t simply block a specific sender.
While these spam messages may seem like harmless annoyances, their true purpose is to draw victims’ attention away from what hackers are doing behind the scenes — which is to steal and use your personally identifiable information to conduct a raft of illegal activities. These include stealing money from your bank account or making unauthorized purchases in your name. In a DSD attack, the thousands of spam emails you get serve as a smokescreen that hides payment confirmation messages.
New tactics
Over the years, hackers have developed new DSD tactics. Several reports show that instead of nonsensical emails, hackers are using automated software to have their targets sign up for thousands of free accounts and newsletters to distract them with authentic messages. This allows DSD blasts to slip past spam filters that weed out the malicious code and text used in traditional DSD attacks.
Also, anyone can go on the dark web and pay for DSD services. For as little as $40, you can get a hacker to send out 20,000 spam emails to a specific target. All you need to do is provide the hacker with your target’s name, email address, and credit card number — all of which can also be purchased on the dark web.
How to protect yourself from DSD
DSD is a clear sign that your account has been hijacked, so whenever you receive dozens of emails in quick succession, contact your bank to cancel any unfamiliar transactions and change your login credentials as soon as possible. Also, you should update your anti-spam software (or get one if you don’t have one) to protect your inbox from future DSD attacks.
Hackers only initiate DSD attacks after they’ve obtained their target’s email address and personal information, so make sure your accounts and identity are well protected online. You should regularly change your passwords and PINs, enable multifactor authentication, set up SMS and/or email alerts for whenever online purchases are made in your name, and be careful about sharing personal information with others.
DSD is just one of many cyberthreats out there. For expert advice on how to ensure your safety and security online, get in touch with our team of IT professionals.