What to Do When Sites You Trust Suffer Redirect Attacks

2025-11-13

September 2017 was a very gray month indeed for people who are concerned about their security and the privacy of their data. For starters, Equifax – a major credit reporting agency in the U.S. – was hacked, leaking the personally identifiable information of 143 million people. Then there was the data leak from Amazon S3 servers. And now, the Equifax website for customers looking to mitigate problems with their credit reports has (again) been hacked, redirecting people to malware. What should people do when they suffer redirect attacks?

What’s a Redirect Attack?

Before we dive into how redirect attacks work, we need to talk about a little bit of history:

After the breach of Equifax, an organization that is trusted by various financial institutions to provide the credit reports of millions of people around the world, the company made efforts to try and remedy the situation.

Despite all of this, its website still had vulnerabilities that hackers took full advantage of in the wake of the recent compromise. This led to Equifax’s website unintentionally redirecting people to a fake Flash update download that would install adware on their computers. The malware itself is not extraordinarily damaging since it merely displays advertisements on Internet Explorer. But in any other situation, things could get a lot worse.

A redirect attack happens when a hacker compromises a website to the point that its visitors are directed to a fake page when they click a link. To give you a proper scenario, imagine that hackers manage to hijack Facebook’s homepage so that every time you click on an advertisement, it takes you to an affiliate site that pays them every time they get a visit. That’s a more harmless example than the typical scenario, but it summarizes redirect attacks succinctly. You click a link you trust to take you somewhere, and it swings you somewhere else.

How Hackers Execute Redirect Attacks

The simplest way to redirect someone to another website is to take advantage of vulnerabilities in a website’s database. Sometimes a well-executed SQL injection allows the hacker to slip some malicious code into a website’s output.

This isn’t always possible, which leads more clever hackers to look for vulnerabilities in the software that runs the website or its content management system (CMS). Sometimes that software has a vulnerability, like Apache Struts CVE-2017-5638, that allows people to execute arbitrary code.

What You Can Do To Prevent Becoming A Victim

It’s easy to feel helpless when trusted organizations suffer attacks that are easily preventable and do not take sufficient measures to remedy the situation. But there are a couple of things you can make a note of when you’re browsing the web to prevent yourself from falling victim to redirect attacks.

For starters, you should never open “software updates” or any other kind of executable file from websites that don’t usually hand them out. While you can expect to get a ZIP file with an EXE in it or just a plain EXE from a website like Softpedia – which many people use to download programs and utilities – you should never expect an EXE to come from an email attachment, a social media site, or from a credit reporting agency.

If you’re unsure of an EXE that you have received and expected, upload it to a trusted online virus checking utility like VirusTotal or Metadefender.

No matter how scary redirect attacks are, it’s helpful to keep in mind that they will often push you to a different domain name than the organization’s official one. Make a habit of keeping an eye on your address bar as you browse the Web. At some point it will become second nature, and you’ll notice any suspicious changes quickly.
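The address-bar check described above can also be done mechanically. The following is an added example, not part of the original article: it walks a chain of redirect hops and reports the first one that leaves the official domain. The domain `creditbureau.example` and every URL in it are constructed placeholders.

```javascript
// Added example: find where a redirect chain leaves the official domain.
// OFFICIAL_DOMAINS and all URLs below are constructed placeholders.
const OFFICIAL_DOMAINS = ["creditbureau.example"];

// True when host is the official domain itself or a subdomain of it.
// Matching on a label boundary ("." + domain) rejects look-alikes such as
// "creditbureau.example.evil.test" and "notcreditbureau.example".
function isOfficialHost(host, officialDomains = OFFICIAL_DOMAINS) {
  const h = host.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
  return officialDomains.some((d) => h === d || h.endsWith("." + d));
}

// Read one URL the way the address bar should be read.
function checkUrl(rawUrl, officialDomains = OFFICIAL_DOMAINS) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG URL parser, the same rules browsers use
  } catch {
    return { url: rawUrl, host: null, ok: false, reasons: ["unparseable URL"] };
  }
  const reasons = [];
  if (!isOfficialHost(url.hostname, officialDomains))
    reasons.push("host is outside the official domain");
  if (url.protocol !== "https:") reasons.push("not HTTPS");
  if (url.username || url.password)
    reasons.push("text before '@' is not the host");
  if (url.hostname.split(".").some((label) => label.startsWith("xn--")))
    reasons.push("punycode label (possible look-alike characters)");
  return { url: rawUrl, host: url.hostname, ok: reasons.length === 0, reasons };
}

// Return the first hop in a redirect chain that fails the check, or null.
function firstSuspiciousHop(chain, officialDomains = OFFICIAL_DOMAINS) {
  for (let i = 0; i < chain.length; i++) {
    const result = checkUrl(chain[i], officialDomains);
    if (!result.ok) return { hop: i, ...result };
  }
  return null;
}

// Constructed sample: a trusted page that bounces to a fake update download.
const sampleChain = [
  "https://www.creditbureau.example/credit-report-assistance",
  "https://help.creditbureau.example/redirect?id=1",
  "https://creditbureau.example.flash-update.test/install.exe",
];
console.log(firstSuspiciousHop(sampleChain));
```

The third hop starts with the official name but its real domain is the part at the end of the host, which is why the comparison is made against the end of the hostname rather than the beginning.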

Do you have any other tips that can help people arm themselves against redirect attacks similar to the one Equifax suffered? Let us know your ideas in a comment!
