This is Part 2 in a Blog Series About Email Subscription Bombs, Read Part 1 Here.
Email Security Best Practices
While every type of attack can't be stopped, it is crucial to make email safety a priority.
The best way to make business email accounts safer online, is to employ an experienced IT support provider who uses anti-spam software and constantly monitors incoming emails for suspicious activity. Techs trained in cyber security can also assist businesses after an attack to configure security settings and employ spam filters that make work email less vulnerable.
Office 365 subscribers have a host of options for enhancing email security through various encryption options. Affordable add-on’s like Exchange Online Protection guard against spam and malware and maintain access to a client's email even during emergencies-for the cost of around a dollar per month per user.
For even better protection, MFA (multi-factor authentication) requires users to acknowledge a phone call, text message, or an app notification on their smart phone after correctly entering their password. With MFA in place, Office 365 user accounts are still protected against unauthorized access even if a user's password is stolen.
Adding an extra step of identity verification (with MFA) can't prevent subscription bombs once they've been ordered, but it can keep the wrong people from accessing your account in the first place. Remember, hackers usually don't send a subscription bomb unless they've already your personal information. Here's more information on adding MFA to your Office 365 subscription.
Whichever email client you’re using, it is a best practiceto always have a strong password and change it regularly.
What to Do If You Get Email Subscription Bombed
If subscription bombing happens to one of your email accounts, leave the emails where they are and check for other suspicious activity before deleting any messages. Contact your financial institutions to see if any unauthorized purchases have been made using your account information and avoid accessing any personal information over unencrypted or public Wi-Fi until you know you are in the clear.
You also want to do an internet search of your email address to see if it appears on any unwanted subscription sites or lists. If you find it somewhere you did not authorize, work with the site's owner to unsubscribe and have all record of your email removed from their site. This can be time consuming, but is a worthwhile step in subscription bomb troubleshooting.
Reconfiguring your email spam filters will reduce some unwanted emails in the future, but it is nearly impossible to block every email triggered by a subscription bomb. What makes this attack successful is the fact your email address is essentially used to sign up for legitimate mailings - so even the most secure email providers don’t know they're supposed to block them.
If you’re interested in learning about the best apps and safe practices for making your email as secure as possible,