New Phishing Technique Identified

By Aviran Mordo @ 10:02 am

The RSA Cyota Anti-Fraud Command Center (AFCC) at RSA Security (Nasdaq: RSAS) announced this week that it has discovered that online fraudsters have developed a new phishing technique in response to increasingly aggressive moves to identify and shut down phishing sites.

This new type of attack, known as a Smart Redirection Attack, is designed to ensure that potential phishing victims always link to a live website. So far two attacks on two different banks — one based in the UK and the other in Canada — have been detected.

How it works

For a Smart Redirection Attack, the fraudster creates a number of similar phishing websites based at different locations. All of the emails received by consumers contain URLs that direct the victim to an IP address that hosts the ‘smart redirector’. When the potential victim clicks on the link, the ‘redirector’ checks all related phishing websites, identifies which sites are still live, and invisibly redirects the user to one of them.

The thinking behind the scam: fraudsters are aware that once a user identifies a site as fraudulent, s/he will report the site’s address, and there’s a good chance that someone will shut it down. If the fraudster has used a single address for an entire batch of emails, the entire mailing list directed to that site would be wasted. However, sending the redirector address (hidden from the consumer) ensures that the consumer will always reach a live site.
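Seen from the defender's side, the behaviour described above leaves a trace: one entry host that answers clicks with redirects to several different landing hosts. The following is an added example, not code from the original article or from RSA, that flags that pattern in web-proxy logs. The log tuple format, the `min_targets` threshold and the assumption that the redirect shows up as an HTTP 3xx response are illustrative, and every host in the sample is constructed.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy log: (requested URL, HTTP status, Location header).
# Hosts use documentation ranges / example domains; none are real indicators.
SAMPLE_LOG = [
    ("http://192.0.2.10/r?id=1", 302, "http://login.bank-a.example/secure/"),
    ("http://192.0.2.10/r?id=2", 302, "http://login.bank-a.example/secure/"),
    ("http://192.0.2.10/r?id=3", 302, "http://bank-b.example/update/"),
    ("http://192.0.2.10/r?id=4", 302, "http://198.51.100.7/bank/"),
    ("http://news.example/a", 301, "http://news.example/a/"),
    ("http://short.example/x1", 302, "http://shop.example/item"),
    ("http://intranet.example/", 200, None),
]
REDIRECT_CODES = {301, 302, 303, 307, 308}

def is_ip_literal(host):
    """True when the host is a bare IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def find_redirectors(log, min_targets=3):
    """Return {entry_host: sorted target hosts} for hosts that fan out."""
    fanout = defaultdict(set)
    for url, status, location in log:
        if status not in REDIRECT_CODES or not location:
            continue
        src = urlsplit(url).hostname
        dst = urlsplit(location).hostname   # None for relative Location values
        if src and dst and src != dst:      # ignore same-host redirects
            fanout[src].add(dst)
    return {src: sorted(dsts) for src, dsts in fanout.items()
            if len(dsts) >= min_targets}

def triage(log, min_targets=3):
    """Rank findings; an IP-literal entry host matches the article's description."""
    hits = find_redirectors(log, min_targets)
    return sorted(((is_ip_literal(h), len(t), h, t) for h, t in hits.items()),
                  reverse=True)

if __name__ == "__main__":
    for ip_entry, count, host, targets in triage(SAMPLE_LOG):
        print(f"{host} ip_literal={ip_entry} targets={count}: {targets}")
```

A hit identifies the entry host as the address to block and report, since taking down individual landing sites leaves the redirector free to send users to the remaining ones.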

