Online fraudsters have developed a new phishing technique in response to increasingly aggressive moves to identify and shut-down traditional phishing sites. Dubbed "smart redirection attacks," the new threat is designed to ensure that potential phishing victims always link to a live website.
The warning was issued by the RSA Cyota Anti-Fraud Command, which notes it has so far detected two attacks based on the technique against two different banks - one based in the U.K. and the other in Canada.
The researchers explained that a smart redirection attack involves the fraudster creating a number of similar phishing websites based at different locations. All of the emails contain URLs that direct the victim to a single IP address, which hosts the "smart redirector." When the potential victim clicks on the link, the redirector checks all related phishing websites, identifying which sites are still live and invisibly redirecting the user to one of them.
Andrew Moloney, senior product manager at RSA Cyota Consumer Solutions, said that the new breed of attack showed that firms cannot afford to become complacent in the battle against cyber criminals, as threats are evolving at least as quickly as the industry's ability to counter them.
"As anti-phishing vendors become more adept at shutting down phishing websites, inevitably the fraudsters are looking at ways to minimize the affect this has on their hit rates. Analyzing which websites are still live - and seamlessly redirecting users to them - seems like a good way to raise the stakes," said Moloney. "These phishing emails look no different to any other: all the action takes place behind the scenes, so as always users need to remain vigilant. Technology also plays a big part in preventing sophisticated attacks like these."