Between last September and the end of 2012, all of the leading U.S. banking institutions had fallen victim at least once to a distributed denial-of-service (DDoS) attack. Although the main objective of such attacks is to slow or interrupt service on a bank’s website and create customer service nightmares, a growing concern is that the attacks may simply serve as a distraction while fraudsters attempt to obtain sensitive personal and financial information undetected.