In this article discusses the growing threat of email bombing, a cyberattack that floods a victim’s inbox with a large volume of emails to overwhelm their mailbox, disrupt email triage, or mask security breach notifications.
Often, attackers use this tactic to impersonate IT support, tricking victims into allowing malware installation or data theft. Microsoft Defender for Office 365 now includes default protection against email bombing, automatically detecting and blocking such attacks.
This feature enhances visibility for Security Operations Center analysts, enabling quick responses to keep organizations safe. The protection is available in Exchange Online Protection and Microsoft Defender for Office 365 plans, as noted in Message Center post MC1096885. A follow-up blog post explores multi-modal attack protection involving email bombing and Microsoft Teams activity correlation.
Email bombing is a cyberattack where an attacker floods a victim’s email inbox with a massive volume of emails in a short time. The goal is to overwhelm the email server or the victim’s ability to manage their inbox, causing disruptions like:Overloading the mailbox: Filling up storage limits, preventing new legitimate emails from being received.
Disrupting email triage: Making it hard for the victim to find or prioritize important emails.
Masking malicious activity: Hiding critical security alerts (e.g., breach notifications) among the flood of emails.
Social engineering: Often paired with impersonation (e.g., posing as IT support) to trick victims into clicking malicious links, downloading malware, or sharing sensitive data.
Attackers may use automated scripts or botnets to send thousands of emails, sometimes from spoofed or disposable accounts. These emails can be random, contain phishing content, or appear legitimate to evade basic filters.Example: An attacker might send 10,000 emails in an hour, including a few malicious ones disguised as urgent IT requests, hoping the victim overlooks the flood and acts on the dangerous email.Microsoft Defender for Office 365, as mentioned in the article, now offers automated detection and blocking of email bombing to mitigate these threats, enhancing organizational security.
