Distributed spam distraction (DSD) attacks are on the rise, as cybercriminals are banking on the busyness of the holidays to conduct cyberattacks in plain sight. These attacks aim to bury legitimate email alerts such as password change emails and the like.
What is DSD?
DSD is a type of attack wherein cybercriminals bombard email inboxes with tens of thousands of emails in a short span of time, typically between 12 and 24 hours. These emails don’t contain dangerous links, ads, or attachments, just random excerpts of text taken from books and websites. But because of the sheer volume of these emails, deleting and blocking each one of them can be overwhelming. Worse, the email and IP addresses used to send them are all different, so victims can’t simply block a specific sender.
While these spam messages may seem like harmless annoyances, their true purpose is to draw victims’ attention away from what attackers are doing behind the scenes, which is stealing and using personally identifiable information to conduct a raft of illegal activities. These include stealing money from the victims’ bank accounts or making unauthorized purchases in their name. In a DSD attack, the thousands of spam emails serve as a smokescreen that hides payment confirmation messages.
In other words, if you are receiving an unusually large volume of emails from legitimate-looking accounts, you should act very quickly because the attackers likely already have access to your login credentials.
What signs should users look out for?
Over the years, attackers have developed new DSD tactics. Several reports show that instead of nonsensical emails, these crooks are using automated software to trick their targets into signing up for thousands of free accounts and newsletters to distract them with authentic messages. This allows DSD blasts to slip past spam filters that weed out the email text used in traditional DSD attacks.
Also, anyone can go on the dark web and pay for DSD services. For as little as $40, you can get an attacker to send out 20,000 spam emails to a specific target. All you need to do is provide the attacker with your target’s name, email address, and credit card number — all of which can also be purchased on the dark web.
What to do if you’re experiencing a DSD attack
DSD is a clear sign that your account has been hijacked, so if you receive dozens of emails in quick succession, contact your bank to cancel any unfamiliar transactions and change your login credentials as soon as possible. Also, you should install anti-spam software, or update your existing software if you already have one to protect your inbox from future DSD attacks.
Attackers only initiate DSD attacks after they’ve obtained their target’s email address and personal information, so make sure your accounts and identity are well protected online. Regularly change your passwords and PINs, enable multifactor authentication, set up SMS and/or email alerts for whenever online purchases are made in your name, and be careful about sharing personal information with others.
DSD is just one of many cyberthreats out there. For expert advice on how to ensure your safety and security online, get in touch with our team of IT professionals.