Data breach: covert redirectOrhan Sari
Covert Redirect is a security breach and occurs when cyber hackers use open routing. Open redirects are not successful in checking whether the redirected URL is a valid URL. Cybercriminals who use covert redirect take advantage of this weakness, open a fake login window, steal login information, and redirect to a malware-infringing page. In this page, there are situations that may be harmful to the user, such as identity theft.
First discovered in June 2014 by Wang Jing, PhD student at Nanyang University of Technology, this type of phishing attacks affected large sites such as Facebook, Google, Yahoo and Microsoft using OAuth and OpenID.
For example, suppose that a user clicks a malicious phishing link on Facebook. Then a window will open asking if the user wants to authorize the application. If the target user chooses to authorize the application, the victim’s personal sensitive information can be exposed. This information may include your email address, date of birth, contacts, and history of work.
Keepnet Labs security awareness and anti-phishing platform offer solution for covert redirect or the other types of phishing attacks for free. The platform has many modules that help users to learn phishing schemes and take action against them.