When combined with scam calls, email bombs can allow hackers to take control of a computer with the victim's consent (Illustration: ST).
In its recently released "Digital Defense 2025 Report," Microsoft highlights the rise of "mailbombing," a simple tactic that floods a victim's inbox with thousands, even millions, of emails.
Their goal is to create a sophisticated distraction tactic. The overloaded inbox leaves victims unable to use their inbox and accidentally miss out on extremely important notifications such as security alerts, two-factor authentication codes, password reset requests, or transaction notifications.
While the victim is confused, the hacker will quietly conceal his criminal activities. To do this, the hacker uses bots or scripts to send out mass spam emails (also known as "spam bombs").
More sophisticated, they subscribe the victim's email to countless newsletters and forums. This trick often bypasses the usual spam filters of Gmail or Outlook.
But the danger doesn't stop at a junk inbox. Microsoft revealed that cybercriminals are combining "mail bombs" with another technique called call scams.
"Mail bombing has changed. Where it used to be a cover, it's now being exploited at the very beginning of a larger attack," Microsoft explains.
This “2-in-1” scam scenario goes like this: First, the user’s inbox suddenly gets flooded with spam. At the same time, you get a call or message (via phone or Microsoft Teams) from someone claiming to be a tech support person.
They tell you that your email account is having serious issues. Since you're seeing the issues with your inbox yourself, you're more likely to believe it. Microsoft points out that this panic and "sense of urgency" is the perfect bait for hackers to manipulate victims.
The scammer will offer to “solve the problem” and ask you to install a remote support tool such as Quick Assist (built into Windows). They will patiently guide you through the installation process. Once you grant permission, the hacker will take full control of your computer.
Microsoft considers this to be one of the most effective social engineering techniques, as it tricks victims into voluntarily performing risky actions. In fact, researchers at Morphisec have previously warned of a similar tactic on Teams, which was used to spread the dangerous Matanbuchus virus.
Microsoft recommends users:
Be on high alert: If your inbox suddenly becomes flooded with emails, be extra cautious. This could be the first sign of an attack.
Don't trust strangers: Never install any tools, especially remote control software, at the request of a stranger over the phone or text message.
Contact IT: If you receive a suspicious Teams message or impersonated call, contact your company's IT department immediately for verification, rather than following the stranger's instructions.
For businesses: Companies should consider limiting employee communication with accounts outside the organization via Teams to minimize risk.
Source: https://dantri.com.vn/cong-nghe/tin-tac-tro-lai-voi-chieu-tro-lua-dao-rat-de-thao-tung-nan-nhan-20251103230530754.htm
![[Photo] The road connecting Dong Nai with Ho Chi Minh City is still unfinished after 5 years of construction.](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/11/04/1762241675985_ndo_br_dji-20251104104418-0635-d-resize-1295-jpg.webp)
![[Photo] Ho Chi Minh City Youth Take Action for a Cleaner Environment](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/11/04/1762233574890_550816358-1108586934787014-6430522970717297480-n-1-jpg.webp)
![[Photo] Panorama of the Patriotic Emulation Congress of Nhan Dan Newspaper for the period 2025-2030](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/11/04/1762252775462_ndo_br_dhthiduayeuncbaond-6125-jpg.webp)
![[Photo] Ca Mau "struggling" to cope with the highest tide of the year, forecast to exceed alert level 3](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/11/04/1762235371445_ndo_br_trieu-cuong-2-6486-jpg.webp)
Comment (0)