I woke up in the middle of the night last week with a funny feeling. And for reasons, I can’t explain I decided to check my email.
Good thing, too. I had about 300 emails from various accounts requesting a password reset. The vast majority of them were for accounts that I didn’t even have. But I also had some notifications from my PayPal Account and my Microsoft Authenticator app that someone requested a password reset.
Remembering my own advice, I opened up my PayPal and Authenticator app directly, bypassing any links in any of these emails, and made sure to let the app know that I definitely did not request a password reset.
Over the next hour or two requests for password resets kept flooding into my email. Interestingly enough, these did not appear to be links to malicious pages, though there could have been a few in there. It appeared that an automated program, or bot, put my email address into the password reset field over over 1,000 websites. Maybe thinking they would have access to my actual email inbox by then to authorize the change or hoping there would be some way for them to change the password without my being notified.
Fortunately, I have multi-factor authentication turned on about everywhere I can. For the most part, you cannot access my accounts unless you use my fingerprint on my phone to authorize it.
Although my accounts seemed safe, my inbox was rapidly filling up with garbage. Thousands of reset emails. Here’s what I had to do. I started marking those messages as spam in both my online inbox and the inbox for the email client on my phone. My online email interface also allowed me to mark some messages as phishing scams. After about 20 minutes of this, those messages started going into the junk folder. They were still coming, but they weren’t in my face hiding my important emails.
The bot attack slowed down and eventually stopped. One side effect was that these creeps signed me up for over 200 newsletters. That took some effort to get rid of. I was leery about clicking the unsubscribe button, so I actually looked up the websites for many of them and found the subscription options.
It was exhausting and probably unavoidable. That’s why multi-factor authentication is so important.
Wow, that’s awful. I might have just stopped using the internet. Thanks for the alert.