Fake DDoS Attack Email

On the same day, I had two clients receive the same, fake DDoS email with a link to a suspicious Google Drive folder. The sender was different for both, but both claimed to be from a major company (in the two I saw, Intuit and Hubspot).

The email seems pretty much legitimate other than a few grammar errors that seem to be ubiquitous among these types of scams.

If you're wondering if they are legitimate: they are not. Do not, under any circumstances, click any of the links in the email.

Here is a copy of the email they received:

Hello,

This message was written to you in order to notify, that we are currently experiencing serious network problems and we have detected a DDoS attack on our servers coming from the your website or a website that your company hosts (example.com). As a consequence, we are suffering financial and reputational losses.

We have strong evidence and belief that your site was hacked and your website files were modified, with the help of which the DDoS attack is currently taking place. It is strictly advised for you as a website proprietor or as a person associated with this website take immediate action to fix this issue.

To fix this issue, you should immediately clean your website from malicious files that are used to carry out the DDoS attack.

I have shared the log file with the recorded evidence that the attack is coming from example.com and also detailed guidelines on how to safely deal with, find and clean up all malicious files manually in order to eradicate the threat to our network.

Click on the link below to download DDos Attack evidence and follow the instructions to fix the issue:

https://drive.google.com/uc?export=download&id=removed

Please be aware that failure to comply with the instructions above or/and if DDoS attacks associated with example.com will not stop within the next 24 hour period upon receipt of this message, we will be entitled to seek legal actions to resolve this issue.

If you will experience any difficulties trying to solve the issue, please reply immediately with your personal reference case number (included in the log report and instructions mentioned above) and I will do my best to help you resolve this problem asap.

Austin Nguyen
intuit.com IT security team

At first glance it really does seem legitimate, although this really isn't how any real company would go about addressing a DDoS attack even if it were. Manually emailing the owners of every website behind the attack would be pretty fruitless.
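For anyone triaging a mailbox for this message, here is an added example (not part of the original post) that flags the traits visible in the email above: the DDoS accusation, the Google Drive direct-download link, the 24-hour legal threat, and a signature naming a company domain the sender address does not belong to. The regex patterns, the trait names and the sample's headers are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Traits come from the email quoted above; the patterns themselves are assumptions.
BODY_CHECKS = (
    ("ddos_accusation", re.compile(r"\bddos attack\b", re.I)),
    ("drive_direct_download",
     re.compile(r"https?://drive\.google\.com/uc\?[^\s\"'>]*export=download", re.I)),
    ("deadline_legal_threat",
     re.compile(r"24 hours?\b.{0,200}?\blegal action", re.I | re.S)),
)
SIGNED_AS = re.compile(r"^\s*([a-z0-9-]+(?:\.[a-z0-9-]+)+)\s+IT security team\s*$", re.I | re.M)

def plain_body(msg):
    """Return the first text/plain part of a parsed message as str ('' if none)."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    for part in parts:
        if part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            return data.decode(part.get_content_charset() or "utf-8", "replace")
    return ""

def triage(raw):
    """Return the names of the lure traits present in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    body = plain_body(msg)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hits = [name for name, pattern in BODY_CHECKS if pattern.search(body)]
    signed = SIGNED_AS.search(body)
    if signed:
        brand = signed.group(1).lower()
        # The signature names a company; the From address should sit under its domain.
        if sender_domain != brand and not sender_domain.endswith("." + brand):
            hits.append("signature_domain_mismatch")
    return hits

# Constructed sample: body abridged from the quoted email, headers invented.
SAMPLE = """\
From: Austin Nguyen <austin@unrelated.example>
Subject: DDoS attack from example.com

We have detected a DDoS attack on our servers coming from example.com.
https://drive.google.com/uc?export=download&id=removed
If the attacks will not stop within the next 24 hour period, we will seek legal actions.

intuit.com IT security team
"""
print(triage(SAMPLE))
```

A message that trips several of these traits at once is worth quarantining for review; any single trait alone, such as a Drive link, is common in legitimate mail.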

Did you receive this email? Let me know more details in the comments!

About Brian Johnson

Brian Johnson is a website developer and designer living in Minneapolis, Minnesota with a passion for code and WordPress. He spends his days building WordPress websites for small businesses, developing new code with the online community, and living life.