Mail bombing is a form of cyberattack where attackers flood a user’s inbox with hundreds or even thousands of unwanted emails. Often, this is done to obscure more malicious content arriving around the same time, to disrupt normal email communication or to have an attacker call you posing as IT wanting to resolve your issue.

How to Spot an eMail Bombing Attack

   - A flood of emails - from unknown senders all at once.  

   - Repeating subjects or content - in emails that don’t make sense.  

   - Hidden phishing attempts - a real malicious email might be buried among the junk and crafted to look like it's from someone you trust.  

What to Do If You’re Targeted

   - Don’t open, click, or reply - Responding confirms your email is active, making you a bigger target.  

   - Report it! - Use your email client’s "Report Phishing" or "Report Junk" feature.

   - Sort important emails - Set up rules or filters to keep critical messages from getting lost in the noise.  

   - Tell IT immediately - If you suspect this is happening to you, reach out right away.  

Protect Yourself from These Attacks 

  - Keep your email private - Be mindful when signing up for external services with your work email.  

  - Use strong passwords - Never reuse passwords—use a password manager if needed.  

  - Enable MFA with Conditional Access - (Multi-Factor Authentication) is important, but hackers try to get around it. Conditional Access Policy is an added layer we are rolling out to Sites.

  - Be cautious with links and attachments - If something looks odd, don’t click!  

How to Confirm IT Staff Identity Over the Phone 

If someone calls claiming to be from IT, take a moment to verify before sharing any information:  

  1. Don’t give credentials or approve MFA requests - unless you’re sure it’s legit.  

  2. Ask them a question only an employee would know, like:  

     - "What software did we roll out last month?"  

     - "Who sits to the left of me in the office?"  

     - "What was the topic of our last training?"  

  3. If you’re unsure, hang up and call IT directly using our official contact info or the ticketing system.  

What We’re Doing to Help  

  ✅ Better spam filtering to block suspicious emails before they reach you.  

  ✅ 24/7 security monitoring to detect and stop attacks fast.  

  ✅ Ongoing training so everyone knows how to stay safe. 

  ✅ Rolling out conditional access policies to all employees.    

If you have questions or think something’s not right, reach out to IT Security at itservicedesk@coeur.com.