Just as Internet users learn that clicking on a link in an e-mail purporting to come from their bank is a bad idea, phishers seem to be developing a new tactic — launch a DDoS attack on the Web site of the company whose customers they are targeting and then send e-mails "explaining" the outage and offering an "alternative" URL.
Imagine this scenario: You try to log onto your online bank but find the site isn’t working. So you figure, oh well, I will pay the bills later. Let me check my e-mail.
As you wade through the spam in your inbox trying to find some genuine messages, you notice a new e-mail that seems to have been sent by your bank. Normally, you delete these without even reading them because they are obviously from phishers.
However, in this case, the subject line is: "YourBank: Un-planned online banking outage".
The body of the e-mail, which contains logos from the bank and is not littered with spelling errors and grammatical mistakes, goes something like this:
The online banking system is currently experiencing problems and will be unavailable for at least a few days.
Until we can restore our systems, we request that you connect to our alternate Web site which will act as a backup.
Bookmarks and direct access will not work to our main site and we apologise for any inconvenience caused.
Click here to access the temporary site.
Would you be tempted? Do you know anyone that may be fooled?
I sure do.
But is this threat real?