Cyber criminals attempt to dodge phishing site shutdowns

By

Online fraudsters have developed a new phishing technique in response to increasingly aggressive moves to identify and shut-down traditional phishing sites. Dubbed "smart redirection attacks," the new threat is designed to ensure that potential phishing victims always link to a live website.

The warning was issued by the RSA Cyota Anti-Fraud Command, which notes it has so far detected two attacks based on the technique against two different banks - one based in the U.K. and the other in Canada.


The researchers explained that a smart redirection attack involves the fraudster creating a number of similar phishing websites based at different locations. All of the emails contain URLs that direct the victim to a single IP address, which hosts the "smart redirector." When the potential victim clicks on the link, the redirector checks all related phishing websites, identifying which sites are still live and invisibly redirecting the user to one of them.

Andrew Moloney, senior product manager at RSA Cyota Consumer Solutions, said that the new breed of attack showed that firms cannot afford to become complacent in the battle against cyber criminals, as threats are evolving at least as quickly as the industry's ability to counter them.

"As anti-phishing vendors become more adept at shutting down phishing websites, inevitably the fraudsters are looking at ways to minimize the affect this has on their hit rates. Analyzing which websites are still live - and seamlessly redirecting users to them - seems like a good way to raise the stakes," said Moloney. "These phishing emails look no different to any other: all the action takes place behind the scenes, so as always users need to remain vigilant. Technology also plays a big part in preventing sophisticated attacks like these."

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Melbourne dev finds gift card PINs can be brute-forced

Melbourne dev finds gift card PINs can be brute-forced

"Widespread data theft" hits Salesforce customers via third party

"Widespread data theft" hits Salesforce customers via third party

Zero-click Apple and WhatsApp bug combo used to drop gov spyware

Zero-click Apple and WhatsApp bug combo used to drop gov spyware

Western Sydney University targets file-sharing sites hosting stolen data

Western Sydney University targets file-sharing sites hosting stolen data

Log In

  |  Forgot your password?