Account Garnishment
Account garnishment is a fraud tactic where attackers flood a victim's email with spam subscriptions to bury critical alerts, like password resets or purchase confirmations, enabling account takeover or theft while the victim is distracted. Businesses must detect such automated sign-up attacks to protect customers and their platforms.
Overview
Account Garnishment, also known as Email Bombing, is a deceptive tactic fraudsters use as a smokescreen for a more sinister attack. It involves a malicious actor subscribing a victim's email address to hundreds or even thousands of newsletters, services, and websites. The resulting flood of unwanted emails overwhelms the victim's inbox, creating a chaotic environment where important security alerts from a compromised account are likely to be missed.
How It Works
The execution of account garnishment is simple but effective. A fraudster, often using automated scripts, submits a victim's email address to numerous subscription forms across the web. This triggers a massive wave of legitimate confirmation emails, welcome messages, and newsletters to the victim's inbox. Buried within this digital noise is the email the fraudster actually wants to hide: typically a password reset confirmation, a shipping notification for a fraudulently purchased item, or a security alert for an account they have just taken over. The victim is so busy deleting spam that they fail to notice the one critical email that would have alerted them to the attack.
Why It Matters for Fraud Prevention
For businesses, account garnishment is a significant red flag for several reasons. Firstly, it's a direct precursor to Account Takeover (ATO) fraud. If the hidden email is a password reset link for an account on your platform, the next step is the complete takeover of your customer's account. Secondly, it constitutes a form of platform abuse. Fraudsters exploit your sign-up forms to carry out their attacks, which can strain your resources. Finally, if your service's legitimate confirmation emails are part of this flood, they are likely to be marked as spam by the victim, which can harm your domain's sending reputation and future email deliverability.
Real-world Example: The E-commerce Heist
Imagine a fraudster gains access to a customer's login credentials for a large e-commerce store. Before changing the password and locking the real user out, they want to place an order and change the shipping address. To hide the order confirmation and shipping update emails from the victim, they initiate an account garnishment attack on the victim's email address. While the victim is overwhelmed with subscription emails, the fraudster places a large order, changes the delivery address, and the confirmation emails from the e-commerce store go unnoticed until it's too late.
Conclusion
Account Garnishment is more than just an annoyance; it is a calculated distraction technique used to enable more severe forms of fraud, particularly Account Takeover. For online businesses, recognizing the signs of this abuse is critical. Implementing robust fraud detection solutions like Greip at the point of sign-up can help identify and block the automated scripts used in these attacks, protecting both your platform from abuse and your customers from compromise. By monitoring for high-velocity sign-ups and other indicators of bot activity, businesses can disrupt the smokescreen and expose the underlying fraud before damage is done.
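As an added example (not Greip's code and not part of the original article), here is a minimal sliding-window velocity check in Python over constructed sign-up events. It flags a source IP that submits many sign-ups within a short window and an address that is submitted repeatedly, the two traces a scripted sign-up flood leaves on a single platform's own form. The window, thresholds and sample values are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sign-up events for one newsletter form: (ISO timestamp, source IP, email).
# All addresses and IPs are made up (documentation ranges), not real traffic.
SIGNUPS = [
    ("2024-05-01T10:00:00", "203.0.113.7", "victim@example.com"),
    ("2024-05-01T10:00:03", "203.0.113.7", "a1@example.com"),
    ("2024-05-01T10:00:06", "203.0.113.7", "a2@example.com"),
    ("2024-05-01T10:00:09", "203.0.113.7", "a3@example.com"),
    ("2024-05-01T10:00:12", "203.0.113.7", "a4@example.com"),   # 5th from one IP in 12 s
    ("2024-05-01T10:00:20", "198.51.100.4", "carol@example.com"),
    ("2024-05-01T10:00:25", "192.0.2.33", "Victim@example.com"),  # same address, other IP
    ("2024-05-01T10:00:40", "192.0.2.34", "victim@example.com"),  # 3rd submission in 40 s
    ("2024-05-01T10:05:00", "198.51.100.4", "dave@example.com"),  # outside the window
]

WINDOW = timedelta(seconds=60)   # assumed sliding window
IP_THRESHOLD = 5                 # assumed: sign-ups from one IP inside the window
EMAIL_THRESHOLD = 3              # assumed: submissions of one address inside the window


def detect_velocity(events, window=WINDOW,
                    ip_threshold=IP_THRESHOLD, email_threshold=EMAIL_THRESHOLD):
    """Return (flagged_ips, flagged_emails) using one sliding window per key."""
    per_ip, per_email = defaultdict(deque), defaultdict(deque)
    flagged_ips, flagged_emails = set(), set()
    for ts_str, ip, email in sorted(events):          # ISO timestamps sort lexically
        ts = datetime.fromisoformat(ts_str)
        for key, store, threshold, flagged in (
            (ip, per_ip, ip_threshold, flagged_ips),
            (email.lower(), per_email, email_threshold, flagged_emails),
        ):
            seen = store[key]
            seen.append(ts)
            while seen and ts - seen[0] > window:     # drop events older than the window
                seen.popleft()
            if len(seen) >= threshold:
                flagged.add(key)
    return flagged_ips, flagged_emails


if __name__ == "__main__":
    ips, emails = detect_velocity(SIGNUPS)
    print("high-velocity IPs:", sorted(ips))
    print("repeatedly submitted addresses:", sorted(emails))
```

In production the same check would run at the sign-up endpoint before a confirmation email is sent, so a flagged submission is held or challenged rather than adding to the victim's flood.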