Last week, a woman, who we’ll call Jane, woke up in her home, as she does every morning, at around 5 a.m. (Her kids didn’t get the memo about daylight saving time.) Jane hobbled downstairs, still half asleep, walked into her kitchen, and started the coffee machine. Then she turned on her iPhone and immediately said, “Holy fuck!” Jane is a former senior staffer at the Democratic Congressional Campaign Committee, or DCCC, and when she turned on her phone that morning, her email inbox had filled with over 4,500 new messages from thousands of authentic businesses across the internet. Because of their authenticity, many of those messages had not been spotted by her Gmail spam filter. As she held her phone in her hand, she watched in disbelief as new messages appeared almost every second. Before she could quell the onslaught, 8,000 had landed in her inbox.

At first, Jane, who asked to be identified by a pseudonym so she doesn’t suffer the wrath of more nefarious activity online, panicked. She reached out to some of her former colleagues who work in Democratic politics to see if they had suffered similar experiences (some had), and was guided down a rabbit hole that eventually pointed back to her being part of the data breach at the DCCC, when Hillary Clinton and John Podesta were targeted by the Russians in 2016—a hack that saw everything from Clinton’s paid speeches to Podesta’s creamy risotto recipe posted to WikiLeaks, and subsequently leaked all over the internet. What had happened to Jane is called an “email bomb,” where a bot signs you up for tens of thousands of newsletters, coupon websites, and businesses, so your inbox is flooded to the point that you can’t tell what’s a real email and what’s not. While these email bombs are sometimes just pranks, more often they are used as a smoke screen to distract someone, like Jane, from seeing real emails, so that a hacker can then access her personal files while she’s under attack. (It’s almost like a pickpocket knocking you over on the street so the thief can take your wallet.)

For Jane, the email bomb was just the beginning. When she reached out to a relative who is a security researcher and happens to be investigating both the 2016 Russian hacks and the coming 2020 election, the security researcher shared an even more startling idea: “Imagine this happening to you on Election Day.”

Since it became apparent that Donald J. Trump won the 2016 election partially as a result of the actions of Russia and Cambridge Analytica in 2015 and 2016—which targeted voters through stealthy data mining and data analysis, and then pushed them to vote based on their specific neuroses—tens of millions of dollars have poured into research around what could happen in 2020. The assumption by half a dozen researchers I’ve spoken with is that whatever will happen in 2020 around Trump seeking a second term will not simply be more of the same. Sure, more sophisticated fake news will be shared on Facebook, and more advanced bots will hijack Twitter, but many researchers and investigators believe fake news will be just the tip of the iceberg. The main strategy this time around, according to several researchers I’ve spoken with, will be to stop people—predominantly Democrats—from going to the polls altogether.

“The Russians clearly want to help the GOP,” one researcher I spoke with said. “It’s a fact that with the changing demographics of the country, the way the GOP wins an election is when less people vote, and we know that’s why they do voter-suppression tactics.” Indeed, in recent elections, Republicans reduced voting hours in Democrat-heavy districts (especially those that are African American), and purged voters from databases in Florida and dozens of other states across the U.S. So how does this play into email bombs? “The logic in security circles is now: How will Russia create a digital version of voter suppression?” the researcher I spoke with said. “Essentially digitally crippling people from being able to get to the polls on Election Day in 2020.”