Email Spam and Hacked Amazon

Sitting at Work

There I was sitting at my desk, enjoying my tiny bag of Cheetos. It was a well-deserved break after fixing two bugs.
*Buzz*
*Buzz Buzz*

My watch shook and lit up with the promise of a notification. Perhaps a bill? Maybe my watch is telling me to move after an hour of sitting? Could it be a lovely message from The Lady?
Ahh, no.
It’s an email from Amazon.
“Strange”, I think. What could it be?
Then, hmm. This is curious, why is it in the Purchase category? So many questions, so few answers.

I open the email to read that my Nexus 5X has been accepted as a defective product and a new one will be sent to me in 2 days. I also read that the address it is being sent to is not mine.

“Oh noes”, I thought!

I dash off to Amazon, my fingers quickly typing in the not so secret password of what used to be my own private account. Thankfully, the password still worked. I then change the password, this time to something more respectable than password123… Just kidding. 

Password changed, I proceed to cancel the defective order and open a chat window with an Amazon rep to inform them of the afternoon’s proceedings.

*Buzz Buzz*

Another notification. This time it’s a… confirmation for a subscription?

*Buzz Buzz* 

Another confirmation…

*Buzz Buzz*

And another…

*Buzz Buzz*

Ohh god, there are so many!

The onslaught of subscription confirmations continued for another 6 hours and culminated in a total of 2106 emails.

At this point I had already deleted a few

Why the Emails?

I doubt I’ll ever find out for certain, but here is my current hypothesis. I think the email spam was akin to a magician’s sleight of hand. It was all a distraction to keep me from seeing what was going on with Amazon. They do mischief with my account. Amazon sends an email notification. They then hope that the notification gets lost among the other 2 thousand emails.

How to Stop It

The Amazon one is easy. Good password.  

The spam part is basically impossible. You see, the subscriptions that I was subscribed to were/are legitimate feeds/newsletters. Somewhere, someone wrote some code that would automatically sign up an email with hundreds/thousands of them. Because they are real subscriptions, a spam filter is not going to catch them. Thankfully, Gmail has an option to throw emails into categories. So when all was said and done, a good 90% of the emails were placed in a “promotions” category that made deleting them very easy. But if your email service does not have such a feature…

Anyhow, if one day you notice that your email account is getting spammed, then it would be a good idea to see if it’s trying to cover up something else.
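One way to do that check on an exported inbox, as an added example that is not part of the original post: it finds the time span of the sign-up flood and returns account or purchase mail that arrived shortly before or during it. The subject patterns, thresholds and sample messages are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed subject patterns; tune them for your own mailbox.
SIGNUP = re.compile(r"subscri|newsletter|welcome to|confirm your (e-?mail|sign-?up)", re.I)
ACCOUNT = re.compile(r"\b(order|return|replacement|refund|password|address|sign-in)\b", re.I)

def flood_span(messages, window=timedelta(minutes=10), threshold=20):
    """Return (start, end) covering every window with >= threshold sign-up mails, or None."""
    times = sorted(t for t, _, subj in messages if SIGNUP.search(subj))
    start = end = None
    lo = 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:   # slide the window's left edge forward
            lo += 1
        if hi - lo + 1 >= threshold:    # this window is dense enough to count as a flood
            start = times[lo] if start is None else start
            end = t
    return (start, end) if start else None

def buried_mail(messages, lead=timedelta(hours=1), **kw):
    """Account or purchase mail that arrived shortly before or during the flood."""
    span = flood_span(messages, **kw)
    if span is None:
        return []
    start, end = span
    return [m for m in messages
            if start - lead <= m[0] <= end
            and ACCOUNT.search(m[2]) and not SIGNUP.search(m[2])]

# Constructed sample: (received time, sender, subject); all addresses are placeholders.
T0 = datetime(2024, 1, 1, 14, 0)
SAMPLE = [(T0 - timedelta(minutes=5), "store@shop.example", "Your replacement order has been approved")]
SAMPLE += [(T0 + timedelta(seconds=15 * i), f"list{i}@news.example", "Please confirm your subscription")
           for i in range(200)]
SAMPLE.append((T0 + timedelta(minutes=30), "store@shop.example", "Your shipping address was changed"))
SAMPLE.append((T0 + timedelta(days=1), "store@shop.example", "Your order has shipped"))

if __name__ == "__main__":
    for when, sender, subject in buried_mail(SAMPLE):
        print(when.isoformat(), sender, subject)
```

The `lead` margin matters here because the notification that gives the game away can arrive just before the flood starts, as the Amazon email did in this story.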

 Thanks for reading!
