URL redirection attack
(also open redirect attack)
URL redirection attack definition
A URL redirection attack is a web-based attack in which the attacker manipulates URLs to redirect users from a legitimate website to a malicious one, usually to steal sensitive information or distribute malware.
During URL redirection, attackers exploit vulnerable redirect functions that do not validate or verify the target of the redirection. Attackers typically embed a malicious URL as a parameter in a legitimate URL, tricking users into clicking what appears to be a safe link. Once they do, the user is redirected to the fake site without realizing it.
One famous case involved eBay. In 2014, an attacker exploited a cross-site scripting vulnerability to redirect users to a fake login page designed to steal their credentials. These types of attacks are still common in phishing campaigns meant to collect people’s usernames, passwords, and credit card details.
See also: DNS redirection
Preventing URL redirection attacks
- Regularly update software: Keep all software and systems up to date, as updates often include patches for bugs and security vulnerabilities.
- Validate redirects: Web developers should validate all redirect targets before following them, allowing only relative paths or an explicit allowlist of trusted hosts and rejecting anything else.
- Use security software: Maintain strong anti-malware protection, which can often detect and block malicious sites, like NordVPN’s Threat Protection.
- User education: Users should be trained to identify malicious websites, even when the URL seems to be familiar and trusted.
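The following is an added example (not code from this page or from any product it mentions) showing the difference between an unvalidated redirect parameter and a validated one. The host names are constructed sample values; the checks cover the usual bypass shapes a validator must handle (foreign hosts, non-http schemes, protocol-relative `//host`, backslash and userinfo tricks).

```python
from urllib.parse import urlsplit

# Constructed sample values: hosts this site is allowed to redirect to.
ALLOWED_HOSTS = {"www.example-shop.test", "account.example-shop.test"}
DEFAULT_LANDING = "/"


def vulnerable_redirect_target(next_param: str) -> str:
    """The unvalidated pattern the text describes: ?next= is used verbatim."""
    return next_param


def safe_redirect_target(next_param: str, allowed_hosts=ALLOWED_HOSTS) -> str:
    """Return next_param only if it stays on this site; otherwise the default page.

    Accepts a site-relative path ("/account") or an http(s) URL whose host is
    on the allowlist. Everything else falls back to DEFAULT_LANDING.
    """
    if not next_param:
        return DEFAULT_LANDING
    # Control characters, whitespace and backslashes are rejected outright:
    # browsers treat "/\\evil.test" as "//evil.test", and embedded tabs or
    # newlines can make a parser and a browser disagree about the host.
    if any(ord(c) < 0x21 or c == "\\" for c in next_param):
        return DEFAULT_LANDING
    parts = urlsplit(next_param)
    if parts.scheme == "" and parts.netloc == "":
        # Purely relative. Require exactly one leading "/" so that the
        # protocol-relative form "//host" is not mistaken for a local path.
        if next_param.startswith("/") and not next_param.startswith("//"):
            return next_param
        return DEFAULT_LANDING
    if parts.scheme not in ("http", "https"):
        return DEFAULT_LANDING  # javascript:, data:, protocol-relative, ...
    if parts.username or parts.password:
        return DEFAULT_LANDING  # "https://trusted.test@evil.test" style tricks
    if parts.hostname not in allowed_hosts:
        return DEFAULT_LANDING  # foreign host, or "trusted.test.evil.test"
    return next_param
```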