
Covert redirect attacks and how to get protected against them

An open redirect does not check whether the URL it redirects to is valid. Cybercriminals exploit this flaw by opening a fake login window, stealing login information, and redirecting the victim to a malware-infected page. This type of phishing attack was first discovered in June 2014 by Wang Jing at Nanyang University of Technology.

When attackers abuse a site's existing redirect functionality, the resulting security flaw is known as a covert redirect. Open redirects fail to determine whether the URL they redirect to is valid. Cybercriminals who use covert redirects exploit this flaw by opening a fake login window, stealing login information, and redirecting the victim to a malware-infected page. Some of the outcomes on that page, such as identity theft, may be harmful to the user.

This type of phishing attack, first discovered in June 2014 by Wang Jing, a Ph.D. student at Nanyang University of Technology, affected large sites such as Facebook, Google, Yahoo, and Microsoft via OAuth and OpenID.

Assume a user visits Facebook and clicks on a malicious phishing link. A window then appears asking the user to authorize the application. If the targeted user authorizes it, the victim's personal and sensitive information may be exposed. This information may include the user's email address, date of birth, contact information, and work history.
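The check that an open redirect skips can be shown in code. The following Python is an added example, not code from Keepnet Labs or from any of the sites named above; the hosts, callback URL and function names are constructed for illustration. It validates an OAuth-style `redirect_uri` by exact match and a generic post-login redirect target by scheme and host allowlist.

```python
from urllib.parse import urlsplit

# Constructed example values: the exact callback registered for a hypothetical
# client, and the hosts this site is willing to redirect to after login.
REGISTERED_CALLBACKS = {"https://app.example.com/oauth/callback"}
ALLOWED_HOSTS = {"app.example.com", "www.example.com"}


def is_registered_callback(redirect_uri: str) -> bool:
    """OAuth-style check: the redirect_uri must equal a registered callback.

    Exact string comparison means an extra query parameter, a different path
    or a look-alike host can never ride along with an approved prefix.
    """
    return redirect_uri in REGISTERED_CALLBACKS


def is_safe_redirect(target: str) -> bool:
    """Generic redirect check: https only, allowlisted host, no ambiguity."""
    # Browsers treat backslashes and control characters differently from
    # urlsplit, so a URL containing them is rejected instead of interpreted.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    # Rejects http:, javascript:, and scheme-less forms such as //host/path.
    if parts.scheme != "https":
        return False
    # A userinfo part ("https://trusted@other-host/") disguises the real host.
    if parts.username is not None or parts.password is not None:
        return False
    # hostname is lower-cased by urlsplit; suffix or prefix matches are not
    # accepted, only exact membership in the allowlist.
    return parts.hostname in ALLOWED_HOSTS and port in (None, 443)
```

A request whose target fails either check should be answered with an error or a fixed default page rather than a redirect.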

Get Protected against Covert redirects using security awareness products

Keepnet Labs' security awareness and anti-phishing platforms offer products for covert redirects and other types of phishing attacks for free. The platform contains a number of modules that help users learn about phishing schemes and take action against them.
