Scammers Using ‘Site Redirects’ to Leverage More Benefits
According to a study by Indiana University, an assessment of nearly 2.5 Million Web pages of some highly trusted and popular sites showed at least 128,000 links that virus writers and fraudsters could manipulate to make Internet scams more convincing.
Researchers at Indiana University, who tried to determine the number of open redirects on the Websites, were surprised to find how many Websites, all high-profile, contained open redirects, especially as they weren't hard to detect or mend.
Further, although e-mail attachment is the most frequently used method to disseminate viruses, e-mail campaigns today commonly tend to have links leading to malevolent Websites than malware itself. And these e-mails typically attempt to trick users into clicking on the malicious links. Meanwhile, as the common scams and spam that target vulnerable end-users keep getting success, they conveniently aid in the flow of the fraudulent e-mails.
Also, as indicated in the study, phishers and scammers are manipulating oft-used coding in 'redirects' to channel traffic away from reputable sites to those that harbor malware for phishing.
However, all redirects aren't bad. Some are essentially Web links used to forward visiting traffic across two sites. Such redirects may prove useful when site owners wants to move of content across several sites without using old links that might take to defunct pages.
However, redirects are vulnerable to exploitation when Websites leave them exposed or allow them to move traffic from one site to another site randomly. And these security faults in the trusted sites looked by writers and because they know that people tend to click links on sites they are familiar with and have trust on, the study outlines.
Furthermore, according to Trend Micro, the provider of online content security, cyber criminals, who already leverage new methods to proliferate their crime, are now reinventing social engineering tactics to cleverly trap both businesses and consumers. In one recent phishing attack, the phishing message warned recipients of phishing e-mails, trying to make that e-mail appears legitimate but it led the victims to a an illegal site.
Related article: Scammers Exploit Tax System Resulting in ID Theft
» SPAMfighter News - 29-07-2008