Lately, we've noticed a surge of users receiving account verification emails from popular services like Reddit, LogMeIn, Nextdoor, Amazon, and ESPN—services they never actually signed up for. Despite our spam firewall being unable to flag these emails (since they come from legitimate sources), this is causing significant confusion among our users. Some users are reporting these emails as spam, but technically, they aren't spam. While we try to implement domain lockdowns for services we use, I'm wondering if there's more we can do beyond educating users, which seems to fall on deaf ears. Has anyone else experienced similar issues? For most, it's just a couple of stray emails here and there, but one user was targeted intensely and received hundreds in just a few hours. We even had to put a temporary rule in place to block emails containing terms like 'activate.'
3 Answers
If you’re using Microsoft, they’ve rolled out a feature aimed at combating email bomb attacks, known as Microsoft Subscription Bomb Defense. It might be worth exploring if your organization qualifies for an upgrade to access this feature!
It sounds like these users might end up being contacted by attackers posing as IT personnel trying to 'fix' their email issues—a common scam tactic. Just a heads up to keep an eye on that possibility!
We have a setting in Teams to prevent unknown external users from contacting us, so at least we have some protection there.
One theory could be that users are getting bombarded with these emails to distract from attacks on their financial accounts. It's a sneaky tactic; while one of your users was heavily targeted, others seem to just be getting the occasional email. It’s mainly causing annoyance rather than major danger, right?
Exactly, we did manage to shut down the one user who was bombed, but others are just facing sporadic emails. It’s more about clearing up the confusion than any real risk.
I saw that! I’m not sure if we have the right licensing for that yet, but I’ll definitely look into it as we consider an upgrade.
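
An added example, not part of the original thread: one way to separate the mailbox that received hundreds of signup mails in a few hours from mailboxes that only see a stray one is to count signup-style messages and distinct sender domains per recipient in a sliding window, which is narrower than blocking every mail containing 'activate'. The event tuple layout, the keyword list and the thresholds are assumptions to tune against your own mail gateway logs, and the sample events are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Subject terms typical of signup/verification mail (assumed list; tune to your mail flow).
SIGNUP_RE = re.compile(r"\b(activate|verify|confirm|welcome|subscription)\w*", re.I)

def find_subscription_bombs(events, window=timedelta(hours=1), min_msgs=20, min_domains=10):
    """events: iterable of (timestamp, recipient, sender_domain, subject).
    Returns {recipient: (peak_count, distinct_domains_at_peak)} for recipients who got
    >= min_msgs signup-style mails from >= min_domains sender domains within `window`."""
    per_rcpt = defaultdict(deque)   # recipient -> recent (timestamp, domain) pairs
    flagged = {}
    for ts, rcpt, domain, subject in sorted(events, key=lambda e: e[0]):
        if not SIGNUP_RE.search(subject):
            continue                # ordinary mail is ignored
        q = per_rcpt[rcpt]
        q.append((ts, domain))
        while ts - q[0][0] > window:
            q.popleft()             # drop messages that fell out of the window
        domains = {d for _, d in q}
        # Many messages from many unrelated services is the bombing signature;
        # a single noisy sender or a couple of stray mails does not trip it.
        if len(q) >= min_msgs and len(domains) >= min_domains:
            if len(q) > flagged.get(rcpt, (0, 0))[0]:
                flagged[rcpt] = (len(q), len(domains))
    return flagged

def sample_events():
    """Constructed sample data: one bombed mailbox, one with stray signup mails."""
    t0 = datetime(2024, 1, 1, 9, 0)
    ev = [(t0 + timedelta(seconds=30 * i), "bombed@example.com",
           f"service{i % 40}.example", "Please activate your account")
          for i in range(120)]
    ev += [(t0, "quiet@example.com", "shop.example", "Verify your email"),
           (t0 + timedelta(hours=5), "quiet@example.com", "news.example",
            "Confirm your subscription"),
           (t0, "quiet@example.com", "corp.example", "Meeting notes")]
    return ev

if __name__ == "__main__":
    for rcpt, (n, d) in find_subscription_bombs(sample_events()).items():
        print(f"{rcpt}: {n} signup mails from {d} domains within the window")
```

A flagged recipient is a candidate for a temporary per-mailbox quarantine rule and for a heads-up about unsolicited "IT support" contact and account alerts that may be buried in the flood.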