Mail bombing attack: what you need to know
This morning, staff and students across the University have reported receiving a flood of unexpected emails from various companies and services. This is part of an ongoing mail bombing attack affecting institutions across the education sector.
What is mail bombing?
Mail bombing is a tactic used by cybercriminals to overwhelm inboxes with emails. This can happen for several reasons:
- Distraction: attackers flood your inbox to make it harder to spot important messages.
- Disruption: the sheer volume of unwanted emails can be overwhelming.
- Account fraud: your email may have been used to sign up for multiple services, potentially masking other malicious activity.
These emails often appear as subscription confirmations, ticketing system responses, or customer service replies. If you have experienced this today, your email has been targeted in an automated attack.
What should you do?
1. Report the emails to St Andrews CSIRT (Computer Security Incident Response Team)
If you are receiving a large volume of these emails, please forward a sample to [email protected] to inform the St Andrews CSIRT (Computer Security Incident Response Team) so they can monitor and address the issue.
2. Ignore and delete the emails
- Don’t click on any links, open attachments or respond.
- Avoid using “unsubscribe” links as this may confirm your email address to spammers.
3. Mark the emails as spam
Use the “Report as Junk” option in your email client. This helps improve filtering systems over time.
4. Continue using your email as normal
IT staff members are actively working to mitigate the attack. No further action is required on your part beyond ignoring the emails.
Help and support
If you receive an unusual email that seems different from the bulk spam or are unsure about an email’s legitimacy, contact The St Andrews CSIRT (Computer Security Incident Response Team). You can also report any suspicious emails you receive using the purple “Report” button in your Outlook email client.