Phishers Employ ‘Smart Redirection’ Attacks

In response to recent action cracking down on phishers across the globe, cyber criminals have begun to use “smart redirection” attacks to make sure people who get duped into visiting faux sites reach a live address instead of one that has already been shut down, The Register reports.

Phishers typically send out e-mails that impersonate legitimate messages from online financial associations, hoping a small percentage of their recipients will click on the links inside the messages and be directed to fake sites where their personal information can be culled.

Smart redirection attacks are based on a number of similar phishing sites that are located at different Web addresses, so that when one is shut down, victims will be directed to a live site, according to The Register. Phishers use smart redirection to send out e-mails with different URLs directing victims to a single IP address that hosts the “smart redirector,” The Register reports. When a person clicks on one of the URLs, the smart redirector locates a live site and sends that person to it, according to The Register.

Researchers at the RSA Cyota Anti-Fraud Command Centre first discovered smart redirection, The Register reports, and two such attacks against banks in the United Kingdom have been confirmed.

Andrew Maloney, RSA Cyota’s senior project manager, told The Register, “As anti-phishing vendors become more adept at shutting down phishing websites, inevitably the fraudsters are looking at ways to minimize the effect this has on their hit rates. Analyzing which websites are live—and seamlessly redirecting users to them—seems like a good way to raise the stakes.”

For related content, read How to Foil a Phish and What Is Phishing?

For related news coverage, check out AOL Sues Group Under Va. Anti-Phishing Law and Keylogging Scams on the Rise Across the Globe.

Keep checking in at our CSO Security Feed page for updated news coverage.