Smart Redirection Attack Helps Phishers Dodge Site Shutdowns

By | March 10, 2006

RSA Security announced this week that it has discovered that online fraudsters have developed a new phishing technique in response to increasingly aggressive moves to identify and shut down phishing sites. This new type of attack, known as a Smart Redirection Attack, is designed to ensure that potential phishing victims always link to a live website.

For a Smart Redirection Attack, the fraudster creates a number of similar phishing websites based at different locations. All of the emails received by consumers contain URLs that direct the victim to an IP address that hosts the ´smart redirector´. When the potential victim clicks on the link, the ´redirector´ checks all related phishing websites, identifies which sites are still live, and invisibly redirects the user to one of them.

Fraudsters are aware that once a user identifies the site as fraudulent, s/he will report the site´s address, and there´s a good chance that someone will shut it down. If the fraudster has used a single address for an entire batch of emails, the entire mailing list directed to that site would be wasted. However, sending the redirector address (hidden from the consumer) assures that the consumer will always reach a live site.

Naftali Bennett, senior vice president at RSA Cyota Consumer Solutions, commented: “As anti-phishing vendors become more adept at shutting down phishing websites, inevitably the fraudsters are looking at ways to minimize the effect this has on their hit rates. Analyzing which websites are still live — and seamlessly redirecting users to them — seems like a good way to raise the stakes. These phishing emails look no different than any other: all the action takes place behind the scenes, so as always users need to remain vigilant. Technology also plays a big part in preventing sophisticated attacks like these, and companies like RSA Security are constantly monitoring phishing attacks and the Internet as a whole, making them increasingly adept at closing fraudulent websites down — no matter how many the fraudster has created.”

Leave a Reply