Clever Phishers Dodge Spoofed Site Shutdowns

Fraudsters are using a new technique to keep their spoofed Web sites up and running even as authorities pull the plug, a security expert said this week.

According to RSA Security's Naftali Bennett, the senior vice president of its Cyota anti-fraud division, some phishers have started using a tactic called "smart site redirection" to stay a step ahead of the law.

"The goal of the phisher is to keep his spoofed site alive as long as possible," said Bennett. The longer the site remains active, the more victims a phisher can dupe into divulging confidential information such as bank or credit account usernames, passwords, and PINs.

In a smart site redirection, the attacker creates several identical copies of the spoofed site, each with a different URL, often hosted by different ISPs. When the phishing e-mails go out, all include a link to yet another site, a "central redirector." When the potential victim clicks on the e-mailed link, the redirector checks all the phishing sites, identifies which are still live, and invisibly redirects the user to one.

Clever, said Bennett, but just the latest in what he called a "battle of brains" between phishers and security firms.
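A defender's view of the redirection pattern described above, as an added example that is not part of the original article: it scans web-proxy redirect records for one entry URL that fans out to several different hosts serving the same page, which is the footprint of a central redirector in front of identical mirrors. The log layout, host names, hash prefixes and the `find_rotating_redirectors` helper are all constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log records (not real data): requested URL, HTTP status,
# Location header, and a hash prefix of the page finally served.
SAMPLE_LOG = [
    ("http://redirector.example/go", 302, "http://mirror-a.example/login", "9f2c"),
    ("http://redirector.example/go", 302, "http://mirror-b.example/login", "9f2c"),
    ("http://redirector.example/go", 302, "http://mirror-c.example/login", "9f2c"),
    ("http://news.example/old",      301, "http://news.example/new",       "41aa"),
    ("http://short.example/x1",      302, "http://shop.example/item",      "77b0"),
    ("http://short.example/x1",      302, "http://shop.example/item",      "77b0"),
    ("http://cdn.example/asset",     302, "http://edge1.example/asset",    "c001"),
    ("http://cdn.example/asset",     302, "http://edge2.example/asset",    "c0ff"),
]

def find_rotating_redirectors(records, min_hosts=3):
    """Return {entry_url: sorted mirror hosts} for entry URLs whose redirects
    reach at least min_hosts different hosts that all serve the same page."""
    # entry URL -> page hash -> set of destination hosts seen for that hash
    targets = defaultdict(lambda: defaultdict(set))
    for url, status, location, body_hash in records:
        if not (300 <= status < 400 and location):
            continue  # only redirect responses are of interest
        dest = urlsplit(location).hostname
        if dest and dest != urlsplit(url).hostname:  # skip same-host moves
            targets[url][body_hash].add(dest)

    findings = {}
    for url, by_hash in targets.items():
        for hosts in by_hash.values():
            # Identical content on many unrelated hosts behind one link.
            if len(hosts) >= min_hosts:
                findings[url] = sorted(hosts)
    return findings

if __name__ == "__main__":
    for entry, mirrors in find_rotating_redirectors(SAMPLE_LOG).items():
        print(entry, "->", ", ".join(mirrors))
```

Each finding names the entry URL together with every mirror observed behind it, so a takedown request can cover the redirector and all copies at once. Legitimate load balancing can produce the same shape, so a hit is a lead to triage rather than a verdict.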
