Data Doctors: Understanding subscription bombing attacks

Q: Why am I being bombarded with email subscription notifications that I never signed up for, including a lot of foreign language sites and what can I do about it?

A: We all experience a variety of junk messages on a regular basis, but when something like this happens, it’s clear that someone is behind this activity.

Your email address is publicly available and there’s no verification system in place to validate the use of it in these schemes.

What you are experiencing is known as “subscription bombing,” used by those with ill intent for reasons that can range from being a nuisance to distracting you from other malicious activity.



The fact that lots of foreign websites are involved points to a scripting tool used by bad actors around the world.

Harassment

The internet is filled with people who find it amusing to cause others grief, and flooding someone’s inbox with junk messages has long been one of the tactics.

In some cases, the intent is to disrupt the victim’s daily activities by overwhelming their inbox to the point that getting to legitimate messages becomes laborious and frustrating.

It’s often looked at as a type of “denial of service” attack because it can be so disruptive to the victim.

Malicious links

Another possibility is that the messages include what appears to be an unsubscribe button but actually links to a malicious landing page. The page attempts to compromise you by silently probing your device to see if it’s missing any security updates.

This is sometimes called a “drive-by download” because the malicious website can silently install malicious code onto your device by exploiting known security flaws.

This common attack is why keeping your device updated with the latest security patches and updates is so important.

It’s never a good idea to unsubscribe from anything that you didn’t subscribe to in the first place, especially when it’s clear you’ve been targeted.

Distraction from the real attack

It’s also possible that the onslaught is a diversionary tactic to distract your attention from a legitimate message notifying you of a change to an account or other fraudulent activity.

The intent is to overwhelm you to the point that you stop paying attention to any message that looks like an alert of any kind.

For this reason, it’s critically important that you pay attention to all of the unusual messages you get, so you don’t miss anything that would alert you to malicious activity.

What you can do

Unfortunately, there’s no simple process to magically make this nuisance go away, so you’ll continue to receive the notifications for days, weeks, or even months depending on the script used in the attack.

You may notice that many of the messages are asking you to confirm a subscription, which is known as a double opt-in process. If you don’t respond, you shouldn’t get anything else from that website.

If you don’t have two-factor authentication set up on your critical online accounts, do so immediately to help protect yourself against account takeover attempts.

If you’re not sure how to do it, you can search for instructions by name on .

Changing your critical passwords to something you’ve never used before that’s at least 16 characters long is another solid security measure for this and many other exploits being used every day against you.

Ken Colburn is founder and CEO of . Ask any tech question on or .
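
For the diversion scenario described under "Distraction from the real attack," one way to keep real account alerts from being buried is to sort the flood so they surface first. The Python sketch below is an added example, not part of the original column; the keyword lists, the three labels and the sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy

# Assumed keyword lists; tune them to the accounts you actually hold.
ALERT = re.compile(
    r"\b(?:password|sign[- ]?in|log[- ]?in|new device|security alert|"
    r"was changed|order|payment|purchase|transfer|withdrawal)\b",
    re.IGNORECASE,
)
SIGNUP = re.compile(r"subscri|newsletter|confirm|welcome|abonnement", re.IGNORECASE)
# Headers that mailing-list software normally adds (RFC 2369 / RFC 2919).
LIST_HEADERS = ("List-Unsubscribe", "List-Id")

# Constructed sample messages, not real mail.
SAMPLE_MESSAGES = [
    "From: news@shop.example\nSubject: Please confirm your subscription\n"
    "List-Unsubscribe: <https://shop.example/u/1>\n\nClick to confirm.\n",
    "From: security@bank.example\nSubject: Your password was changed\n\n"
    "If this was not you, contact us.\n",
    "From: info@verlag.example\nSubject: Bitte bestaetigen Sie Ihr Abonnement\n"
    "List-Id: <verlag.example>\n\nDanke.\n",
    "From: friend@mail.example\nSubject: Lunch on Friday?\n\nAre you free?\n",
]


def classify(raw):
    """Return (label, subject) for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    # Alert keywords win even on list mail: a false positive costs a glance,
    # a missed account alert can cost the account.
    if ALERT.search(subject):
        return "alert", subject
    if any(h in msg for h in LIST_HEADERS) or SIGNUP.search(subject):
        return "signup", subject
    return "review", subject


def triage(raw_messages):
    """Bucket subjects so alerts can be read before the sign-up noise."""
    buckets = {"alert": [], "signup": [], "review": []}
    for raw in raw_messages:
        label, subject = classify(raw)
        buckets[label].append(subject)
    return buckets


if __name__ == "__main__":
    for label, subjects in triage(SAMPLE_MESSAGES).items():
        print(f"{label:7} {len(subjects):2}  {subjects}")
```

The script only reads headers; it never opens links, which matches the advice above not to click unsubscribe buttons in messages you did not request.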
