DDoS makes a phishing e-mail look real

Phishers have a new tactic -- launching DDoS attacks on Web sites, then taking advantage of the outage.
Written by Munir Kotadia, Contributor

Just as Internet users learn that clicking on a link in an e-mail purporting to come from their bank is a bad idea, phishers seem to be developing a new tactic -- launch a DDoS attack on the Web site of the company whose customers they are targeting and then send e-mails "explaining" the outage and offering an "alternative" URL.

Imagine this scenario: You try to log onto your online bank but find the site isn't working. So you figure, oh well, I will pay the bills later. Let me check my e-mail.

As you wade through the spam in your inbox trying to find some genuine messages, you notice a new e-mail that seems to have been sent by your bank. Normally, you delete these without even reading them because they are obviously from phishers.

However, in this case, the subject line is: "YourBank: Un-planned online banking outage".

The body of the e-mail, which contains logos from the bank and is not littered with spelling errors and grammatical mistakes, goes something like this:

The online banking system is currently experiencing problems and will be unavailable for at least a few days.

Until we can restore our systems, we request that you connect to our alternate Web site which will act as a backup.

Bookmarks and direct access will not work to our main site and we apologise for any inconvenience caused.

Click here to access the temporary site.

Would you be tempted? Do you know anyone that may be fooled?

I sure do.

But is this threat real?

The National Australia Bank (NAB) thinks so. Last month it suffered a DDoS attack and issued a special alert because it suspected that phishers were responsible.

Just a week later, Westpac experienced unexplained hardware failures. During the downtime, phishers sent out e-mails asking customers to "update their accounts within 48 hours".

Even if cybercriminals were not responsible for Westpac's downtime, they tried to exploit it.

I asked a couple of security experts what they thought of the combined DDoS/e-mail attack theory.

Mark Sunner, the CTO of MessageLabs, told me the theory is plausible and that he was worried that the combined attacks could be launched as the holiday season approaches.

"We are certainly seeing an unprecedented level of botnet activity in the run-up to Christmas, which is in turn fuelling the current spam surge. Botnets of this scale were more traditionally associated with DDoS attacks as well, so there could be a connection," said Sunner.

Dan Hubbard, vice president of security research for Websense, and a representative of the Anti-Phishing Working Group, said phishers will adopt whatever method is most effective.

"It is just an example of the rise in sophistication -- the combination of bots and phishing ... As far as the effectiveness, it is not easy to measure. Time is one way to tell as the phishers will do something that works and do it until it does not," said Hubbard.
