Suspicious activity on your HubSpot forms
05-01-2018 03:55 - edited 05-02-2018 11:09
If you have received an email like the one above, it means that one or more of your publicly facing forms have been detected by bots as insecure. This exposes your forms to be used in a "list-bombing" attack.
"If there’s anything positive about it, it’s that with these kinds of attacks you’re more than likely not the one under attack, but rather you’re simply used as a vehicle to help out with one." -klaviyo
List bombing is when an mail address (the victim of the attack) is submitted on thousands of non-captcha forms automatically, flooding their inbox. It's normally used in tandem by hackers trying to break into the victim's bank account to obscure the alert emails from their bank. For instance, a hacker might launch a list bombing attack while utilizing a password reset functionality to hide the password reset emailfrom ever being seen.
The risk to you has to do with the deliverability of your emails. Spamhaus has dealt with this issue by blacklisting any IP address used to facilitate a "Subscription bombing" attack (another name, same thing). Having your IP blacklisted on Spamhaus is bad. If that happens it can result in 60-70% of emails soft bouncing.
If the victim's address is not already in your database then enabling CAPTCHA or DOI will completely eliminate this risk. So if you see this email please do either as soon as you can to protect the deliverability of your emails.