I think I may have found the answer to what's going on. If you don't mind clicking on a link, here's the article I just now read:
https://www.howtogeek.com/412316/how-email-bombing-uses-spam-to-hide-an-attack/
If you don't want to click on the link, I'll try to summarize what "email bombing" is all about. The attacker has likely gained access to one of my online accounts (especially one with stored payment info), and they want to try and order from that account. They're hoping that if I get a notification about a transaction I'll miss it, or even delete it along with a group of known booming emails, and the transaction will go through. They might make the effort at the outset in hopes that I'm overwhelmed, or they might try it after a little time has passed, in hopes that they will have exhausted me and I've given up.
The article also suggests a few ways to mount a defense, but it's clear that this type of attack is difficult to deal with.