It was early October 2011, and I was on the treadmill checking email when I noticed several hundred new messages had arrived since I last looked at my Gmail inbox just 20 minutes earlier. I didn’t know it at the time, but my account was being used to beta test a private service now offered openly in the criminal underground that can be hired to create highly disruptive floods of junk email, text messages and phone calls.
Many businesses request some kind of confirmation from their bank whenever high-dollar transfers are initiated. These confirmations may be sent via text message or email, or the business may ask their bank to call them to verify requested transfers. The attack that hit my inbox was part of an offering that crooks can hire to flood each medium of communication, thereby preventing a targeted business from ever receiving or finding alerts from their bank.