ActionFraud - National Fraud & Cyber Crime Reporting Centre - Call 0300 123 2040

Distributed Denial of Service (DDoS)

What it is

When your business’s website or online service crashes after being overwhelmed by a large volume of traffic from multiple sources. A Distributed Dential of Service (DDoS) attack is sometimes a method for defrauding a company.

Protect yourself

  • Find out if your business is at risk; talk to colleagues about how you could prevent an attack.
  • Speak to a DDoS prevention specialist and have your systems tested for vulnerability.
  • Make sure your business has the resilience to keep other systems secure during a DDoS attack.

Spot the signs

  • You or your customers can’t access your website for any apparent reason.
  • Cyber criminals may perform test attacks to take a look at your system’s vulnerability. Small attacks could lead to larger ones.
  • The attack may be a distraction. Look out for signs of attempted fraud or cyber crime taking place elsewhere.

How it happens

Cyber criminals use a piece of software that makes thousands of attempts to access a company or corporate website at the same time. The attack may use a technique called ‘IP spoofing’ to make it look like many different computers are trying to access the site, rather than one over and over again.

A DDoS attack is like many people trying to squeeze through a door at once; ordinary users won’t be able to access the site or use its services, and eventually the entire website will fail.

Attackers may use DDoS as a diversion to commit fraud, or to test your systems’ vulnerabilities. While your business works to clear the attack and restore normal access, the attackers may use different techniques to access customer data to be used for identity fraud, or steal sensitive company information.

How to report it

We have a 24/7 reporting line for cyber attacks; call 0300 123 2040.

If your business suffers a DDoS attack, call your Internet Service Provider (ISP), or hosting provider if you do not host your own web server.

Keep a timeline of events and save server, web and email logs, any packet capture, network graphs or reports.

Related articles