When hackers use available routing, they commit a security breach known as covert redirect. Open redirects fail to determine whether the redirected URL is valid. Cybercriminals who use covert redirects exploit this flaw by opening a fake login window, stealing login information, and redirecting to a malware-infringing page. Some situations on this page, such as identity theft, may be harmful to the user.
This type of phishing attack, first discovered in June 2014 by Wang Jing, a Ph.D. student at Nanyang University of Technology, affected large sites such as Facebook, Google, Yahoo, and Microsoft via OAuth and OpenID.
Assume a user visits Facebook and clicks on a malicious phishing link. After that, a window will appear asking the user to authorize the application. The victim’s personal and sensitive information may be exposed if the target user authorizes the application. This information may include your email address, date of birth, contact information, and work history.
Keepnet Labs‘ security awareness and anti-phishing platforms offer solutions for covert redirects or other types of phishing attacks for free. The platform contains a number of modules that help users learn about phishing schemes and take action against them.
Register and try Keepnet modules for free.