When combined with phishing calls, the mail bomb tactic can allow hackers to take control of computers with the victim’s consent (Illustration: ST).
In its recently published “2025 Digital Defense Report,” Microsoft highlighted the resurgence of “mail bombing.” This simple tactic floods a victim’s inbox with thousands, or even millions, of emails.
Its purpose is to create a sophisticated distraction. An overloaded inbox becomes unusable, causing victims to inadvertently miss crucial notifications such as security alerts, two-factor authentication codes, password reset requests, or transaction notifications.
While the victim is in a state of confusion, hackers discreetly conceal their criminal activities. To achieve this, hackers use bots or scripts to send a barrage of spam (also known as “spam bombing”).
More cunningly, they subscribe the victim’s email to countless newsletters and forums. This trick often bypasses common spam filters used by Gmail or Outlook.
But the danger doesn’t stop at a junk-filled inbox. Microsoft reveals that cybercriminals are combining “mail bombing” with another technique called phishing calls.
Microsoft explains: “Mail bombing has changed. Previously it was used as a smokescreen, now it is leveraged from the outset of a larger attack.”
This “2-in-1” scam scenario unfolds as follows: First, your inbox suddenly receives an unending stream of spam. Immediately after, you receive a call or message (via phone or Microsoft Teams) from someone claiming to be a technical support employee.
They inform you that your email account is experiencing a serious problem. Since you are already seeing issues with your inbox, you will be inclined to trust them. Microsoft points out that this panic and “sense of urgency” is the perfect bait, allowing hackers to manipulate the victim.
The scammer will offer to “resolve the issue” and instruct you to install a remote assistance tool such as Quick Assist (built into Windows). They will patiently guide you through each installation step. As soon as you grant permission, hackers will gain full control of your computer.
Microsoft identifies this as one of the most effective social engineering techniques because it deceives victims into willingly taking risky actions. In fact, researchers at Morphisec had previously warned about similar tactics on Teams, used to spread the dangerous Matanbuchus virus.
Microsoft advises users:
High Vigilance: If your inbox is suddenly flooded with emails, be extremely cautious. This could be the first sign of an attack.
Do Not Trust Strangers: Absolutely do not install any tools, especially remote control software, at the request of a stranger via phone or message.
Contact IT Department: If you receive a suspicious message on Teams or a spoofed call, immediately contact your company’s IT department for verification, instead of following the stranger’s instructions.
For Businesses: Companies should consider restricting employees from communicating with external accounts outside the organization via Teams to minimize risks.
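The first warning sign above, a sudden flood, can be checked mechanically on the mail side. The following Python check is an added example, not taken from Microsoft's report or the original article: it flags a burst of mail from many unrelated sender domains and pulls out the security notifications that arrived inside it. The thresholds, the keyword list and the sample inbox are assumptions constructed for illustration.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Assumed subject keywords for the notifications a flood is meant to bury.
CRITICAL = re.compile(
    r"password reset|verification code|security alert|new sign-in|transaction", re.I)

def detect_flood(messages, window=timedelta(minutes=10), min_count=30, min_domains=20):
    """messages: time-sorted (datetime, sender, subject) tuples.
    Returns (start, end) of the flooded period, or None if no burst is found.
    The default thresholds are assumptions; tune them to the mailbox's baseline."""
    recent, start, end = deque(), None, None
    for ts, sender, _ in messages:
        recent.append((ts, sender.rsplit("@", 1)[-1].lower()))
        while ts - recent[0][0] > window:
            recent.popleft()
        # Many messages AND many unrelated sender domains: typical of mass
        # newsletter sign-ups rather than one noisy but legitimate sender.
        if len(recent) >= min_count and len({d for _, d in recent}) >= min_domains:
            start = start or recent[0][0]
            end = ts
    return (start, end) if start else None

def buried_alerts(messages, period):
    """Security-relevant messages that arrived inside the flooded period."""
    start, end = period
    return [m for m in messages if start <= m[0] <= end and CRITICAL.search(m[2])]

def sample_inbox():
    """Constructed sample data: one normal message, then a 6-minute flood."""
    t0 = datetime(2025, 1, 1, 9, 0)
    inbox = [(t0, "colleague@corp.example", "Lunch?")]
    flood_start = t0 + timedelta(hours=2)
    for i in range(120):  # 120 sign-up confirmations from 40 domains
        inbox.append((flood_start + timedelta(seconds=3 * i),
                      f"noreply@list{i % 40}.example", "Confirm your subscription"))
    inbox.append((flood_start + timedelta(minutes=2, seconds=1),
                  "security@bank.example", "Security alert: password reset requested"))
    return sorted(inbox)

if __name__ == "__main__":
    inbox = sample_inbox()
    period = detect_flood(inbox)
    if period:
        print("Flood from", period[0], "to", period[1])
        for ts, sender, subject in buried_alerts(inbox, period):
            print("  buried:", ts, sender, subject)
```

Requiring many distinct sender domains keeps a single chatty mailing list from triggering the check, and the buried-alert list is what a help desk would want to review with the user first.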
Source link: https://dantri.com.vn/cong-nghe/tin-tac-tro-lai-voi-chieu-tro-lua-dao-rat-de-thao-tung-nan-nhan-20251103230530754.htm



