Resolving a gmail bomb
December 30, 2016 7:09 AM   Subscribe

I have had a disturbing issue with my gmail over the past several days. It sees that someone is using my email address to sign up for a massive number of email newsletters and online accounts. Every day, I have been getting hundreds of confirmation emails for sites and newsletters I have never visited or requested. I am looking for help on how to resolve this issue with my email address. Snowflake details, specific questions, and general lamentations inside.

I do not believe that this person/bot has access to my gmail account; my password is unchanged (I changed it after the activity started as well), I can still access my account, and it doesn’t look like any unauthorized emails have been sent from my account.

I did a little research, and it suggested that this might be a “email bomb” that a scammer is using to cover up attempts to purchase something on an account of mine he or she has compromised (by flooding my inbox with trash, the hope is I would miss an order confirmation email or the like). Sure enough, I found a fraudulent order had been placed with my Costco account. I contacted Costco, and they are investigating. I also checked my bank & credit accounts and the websites I could think of that might also be targeted (ebay, amazon, paypal, venmo). I also contacted the credit agencies and set up a fraud alert. Other than the Costco order, I haven’t noticed any strange activity (also the Costco thing is weird because it didn’t charge my debit card, and I don’t believe I have a card saved on that website—perhaps the scammer used someone else’s card to make an order through my account?).

My question has less to do with the creepy identity theft issue and more to do with my email account. I have been using this gmail account as my primary personal account for over a decade, and it would be really disruptive to close it and start over with a new account. My limited research suggests that often in these scammy email bomb scenarios, the scammer only floods the mailbox for a limited time. However, this is now the third day of tons of emails streaming in, and I am worried this issue isn’t going to stop on its own. The articles I read suggested marking the incoming emails as spam, but there aren’t really other suggestions for stopping the flood of emails.

I have noticed one other disturbing trend—as of yesterday, I noticed that I have failed to receive several legitimate personal emails sent by friends (several emails sent to my fiancée and including my email address as well, which did not appear in my inbox or my spam folder either). I am still receiving emails from institutions like my bank, electric company, and newsletters I have actually signed up for.

What I would like to know is (1) is there anything else I can do to stop or diminish these unwanted emails from coming into my account; (2) is there anything I can do to at least make sure I continue to receive legitimate emails; (3) can I expect these disruptive emails to eventually stop on their own, or is this likely to be a permanent issue with this email address going forward?

Any help would be greatly appreciated. I’m sort of at a loss here.
posted by dredge to Computers & Internet (12 answers total) 16 users marked this as a favorite
 
Since it's gmail, go ahead and check where your gmail account is being accessed from. Click on your icon, select "My Account," and check "Device activity & notifications." If there's anything unfamiliar, then someone has gotten into your account. While you're there, change your password to yet another password you've never used before, and set up 2FA. If you're right and nobody is accessing your account, this might still be the cheapest reality check you'll get on the state of security of your gmail account.

You can try to filter the incoming mail by filtering on phrases like "confirm your account" and "confirm your email" and "sign-up."

If this is a targeted campaign against you to cover fraud, then it'll probably stop. 3 days of noise doesn't sound like a long time to me.

Much of this mail will throw your automatic spam filter out of whack, though, so check your spam folder for the personal emails. The spam folder is excluded from regular searches, so search for the missing legit mails with in:spam in the search field. Or just scroll through Spam and see what got caught in there.
posted by Sunburnt at 7:33 AM on December 30, 2016 [9 favorites]


blergh this sounds like a pain in the.
but!
Unroll.me is pretty nifty, and could be of help here?
posted by speakeasy at 7:37 AM on December 30, 2016 [6 favorites]


I've had my Gmail account since it was an invite-only beta in 2004, and I've had this happen several times. You can look at my posting history for a few previous answers I've given for this if you want. And like you, I'm not changing my Gmail address, because that would be a huge hassle in my personal and professional life.

In this type of case, I just ride it out and either mark things as spam or find a way to unsubscribe, or I just delete them. I do give them a quick glance though, just to see if anything looks like a confirmation for a fraudulent order. In that case I'll call the company and also my bank to let them know, and then let them do whatever it is they do on their end.

So, for (1), the answer is not really, other than marking them as spam or unsubscribing as you can. If it's a case of someone using my Gmail address by mistake hopefully they'll eventually figure it out. Google's spam filter (maybe still Postini? I can't remember...) is really good and will eventually figure out what to do. For (2), it's hard to say without knowing what was happening on the server side. I used to support e-mail servers, and the ways that an e-mail can go wrong or get delayed are myriad and arcane. A correctly configured e-mail server will attempt to resend to your account for (I think) four days before giving up, at which point the sender will be notified. So if these e-mails haven't arrived yet, they may at a slightly later date. And for (3), I always find that this kind of thing wanes on its own, and that the Google spam filters will do a better and better job of stopping them over time. However, I check my Spam folder on a daily basis just in case, because things can go awry and legitimate e-mails can end up there.
posted by ralan at 7:39 AM on December 30, 2016


YES. Unroll.me is the answer.

Unroll.me lets you unsubscribe to emails in bulk. It also lets you add emails that you want to receive, but maybe don't need in your inbox, to a single daily rollup email per day, which you can easily scan to see if there's anything worth reading. Each day's rollup will also let you know how many new "subscriptions" you have and you can click in and unsubscribe, add them to your rollup, or leave them coming into your inbox as is your preference.

This makes email so much tolerable even in general. But in a case like yours where you need to bulk unsubscribe to dozens or hundreds of things... it would be a godsend.
posted by DirtyOldTown at 7:40 AM on December 30, 2016 [4 favorites]


As for not missing emails, do you have gmail tabs enabled? When I've had similar situations happen in the past, it still did a pretty good job of sorting everything out. Most of the "confirmations" should go to the Updates tab, and your friends should go to your primary box.

Additionally, to help gmail sort stuff, this would be a good time to start staring all of your friends emails and marking threads as important. This helps google sort stuff as well.
posted by mayonnaises at 7:53 AM on December 30, 2016 [1 favorite]


Go into your settings and check no filters have been set up to forward emails elsewhere. You want to check the 'Filters and Blocked Addresses' tab and the 'Forwarding and POP/IMAP' tab. And set up 2FA for sure.
posted by corvine at 8:08 AM on December 30, 2016 [7 favorites]


Sounds like you need a bunch of filters. I would recommend:

1. A filter to star/mark important items you really care about - i.e., from fiancée, friends, family, bank, job, etc. (there's also a filter action for "never send to spam")

2. filter to get rid of unquestionable spam - so maybe with subject:"welcome to" or "confirmation" or "thank you for registering" - send those suckers straight to trash, or archive (skip the inbox)

3. maybe a second less serious round for spam - "unsubscribe" somewhere in the body, goes to archive, trash, whatever your preference

I second those inbox tabs - they are pretty good at getting your personal email in the primary tab and bulk email in the others.
posted by timepiece at 9:58 AM on December 30, 2016


OMG...I just unsubsribed from 78 lists using unroll.me . The only annoyance is that it made me tweet the site once you want to unsubscribe from more than 5. There's a reason I have a garbage twitter account.
posted by If only I had a penguin... at 10:03 AM on December 30, 2016


>it made me tweet the site once you want to unsubscribe from more than 5.

I think you can click the button to tweet but then not actually publish the tweet and still have the limit lifted.
posted by bdk3clash at 10:28 AM on December 30, 2016 [1 favorite]


I just used the unroll.me and I posted the required share to facebook set so that only I could see it and then deleted it. It worked and I'm 62 lists slimmer!
posted by lydhre at 11:04 AM on December 30, 2016


I just used unroll.me to unsubscribe from about 30 lists--it did give me the prompt to share on Facebook, but I simply clicked that link and then immediately went back to unroll.me and continued-- I don't even have a Facebook account.
Great suggestion!!!
posted by bookmammal at 11:09 AM on December 30, 2016


I have an email folder labeled 'The McBeth Fiasco' for a similar issue. There is a senior lady, plus many, many others, who somehow keep providing all their business contacts and personal email people with their/her misspelled email, which is mine. I get dentist office appointment reminders, her airline flight confirmations, realtor emails asking them/me to remind them how much acreage we want with our new home search, yacht club members newsletter, requests that I vote for her granddaughter's age group finalist Google Doodle entry... Couple weeks ago it was a social women's gathering invitation for a Mahjongg fundraiser for Habitat for Humanity.

I wrote back by 'reply all'ing to let all contacts know to please remove my email address from their contact lists and don't make event registrations with me, and explaining that I happen to BE a H4H homeowner, thanked them all for supporting the organization on behalf of future local homeowners. One lady wrote back saying I'm exactly the person she would love to have join their group.

I was able to figure out that particular lady's husband's email address and asked him to please help his wife unsubscribe me and please correct her email (to airlines, for example, who would not remove my addy from their communications because I was not the account holder).

I've found some newsletters and online stores do allow me to unsubscribe. If there's no password or secret account info to provide and the account is specifically connected to email address only I also have had some luck using my email address to change the account password, then adjust the account mail settings to 'none' or unsubscribe. When people read the profile originally written by the guy who used my email to sign up on a dating site, they learn some new information I edited in. I have had my email address for almost as long as the internet has existed, with no plan to give that up ever.
posted by mcbeth at 12:52 PM on January 1, 2017


« Older How to tell my bosses I'm bored   |   Serious work, working less than full time?... Newer »
This thread is closed to new comments.