Technology typically makes life easier. Cell phones give us the Internet at the touch of a finger. Smart TVs let us check the weather and browse Netflix when we’ve exhausted our DVR queues of Keeping up With the Kardashians episodes. Smart refrigerators let us know when we’re about to run out of milk. Those refrigerators, along with televisions and routers, are also capable of being part of an enormous cyberattack and sending more than 750,000 malicious email communications to unwitting consumers. That’s what happened according to security provider Proofpoint.

Proofpoint says it might be the first observed instance of such an attack launched from what they call the “Internet of Things” (IoT).

As security features improve on desktops, laptops, cell phones and tablets, cyber criminals are being forced to take increasingly creative measures to successfully dupe consumers. Smart gadgets and home routers provide a target-rich environment, as these nascent technologies typically have little to no security features to prevent attacks.

“Bot-nets are already a major security concern and the emergence of thingbots may make the situation much worse” said David Knight, General Manager of Proofpoint’s Information Security division. “Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur. Enterprises may find distributed attacks increasing as more and more of these devices come on-line and attackers find additional ways to exploit them.”

The attack occurred between December 23, 2013 and January 6, 2014, and featured waves of malicious email, typically sent in bursts of 100,000, three times per day, targeting enterprises and individuals worldwide. Most of the emails were sent by  consumer gadgets such as compromised home-networking routers, connected multi-media centers, televisions and at least one refrigerator, rather than conventional devices like laptops or desktop computers.

What’s particularly harrowing about the attack is the fact that its origins are extremely difficult to trace. No more than 10 emails came from an individual IP address. Even scarier, the spam attack didn’t require any expert-level hacking – instead, the use of default passwords on so many devices made them ripe for exploitation.

As more and more devices become “smart” and connected to the internet, attacks using the IoT are only expected to increase. In fact, the IDC estimates that more than 200 billion things will be connected via the Internet by 2020. Considering that few smart appliances feature any sort of security protection, that’s a lot of devices cyber criminals can exploit to launch malicious campaigns.

“The ‘Internet of Things’ holds great promise for enabling control of all of the gadgets that we use on a daily basis. It also holds great promise for cybercriminals who can use our homes’ routers, televisions, refrigerators and other Internet-connected devices to launch large and distributed attacks”, said Michael Osterman, principal analyst at Osterman Research. “Internet-enabled devices represent an enormous threat because they are easy to penetrate, consumers have little incentive to make them more secure, the rapidly growing number of devices can send malicious content almost undetected, few vendors are taking steps to protect against this threat, and the existing security model simply won’t work to solve the problem.”

Just be wary the next time you receive an email from your fridge reminding you that your eggs are about to spoil, and also to send a check to collect your winnings from the Nigerian lottery.