Phishing after DDos attacks –
a good combination?

Jorrit van de Walle - 19 February 2018

In recent weeks, several organisations experienced a large number of DDoS attacks. Some banks, but also the Tax Authorities and even the National identity platform of the Netherlands (DigiD) were targeted. Quite disruptive for their services! It turned out that the perpetrator had been doing this for a lark. There were some who were convinced the Russians were behind these attacks. To be honest, I don’t know which is scarier.

After a DDoS attack we often see a number of ‘trailers’. For example, phishers and social engineers, who try to take advantage of the attack. Why is that? A good phisher or social engineer – someone who wants to steal your personal data without paying for them – picks up on two old creeds in advertising. Two things people are sensitive to: fear and greed. Now you know why insurance companies (fear) and lotteries (greed) do so well.

So, a good phisher uses this as well. In this blogpost I focus on ‘fear’. I’m expecting a surge in phishing mails at which they appoint the DDoS attacks on banks. And that suggests that your client data should be verified in order for you to continue online banking safely. Perhaps the tone of voice of the e-mails will become more threatening as time goes on (‘if you do not respond, your account may be closed’). A perfect example of using fear.

There will also be more e-mails or even phone calls that will tell you they can protect you against DDoS attacks. Have no fear, our phishers are here.

Watchfulness against phishing mails remains important. Not only to avoid identity fraud or to prevent your personal or organisation’s data from being exposed; but also to prevent infections by ransomware, which tend to start with almost-perfectly-genuine e-mails carrying a link to malware.

Phishingtest.com helps organisations protect themselves against phishing mails every day. Successfully. And I am proud of that!