What to Do When Sites You Trust Suffer Redirect Attacks

September 2017 was a very gray month indeed for people who are concerned about their security and the privacy of their data. For starters, Equifax – a major credit reporting agency in the U.S. – was hacked, leaking the personally identifiable information of 143 million people. Then there was the data leak from Amazon S3 servers. And now, the Equifax website for customers looking to mitigate problems with their credits report has (again) been hacked, redirecting people to malware. What should people do when they suffer redirect attacks?

What’s a Redirect Attack?


Before we dive into how redirect attacks work, we need to talk about a little bit of history:

After the breach of Equifax, an organization that is trusted by various financial institutions to provide the credit reports of millions of people around the world, the company made efforts to try and remedy the situation

Despite all of this, its website still had vulnerabilities that hackers took full advantage of in the wake of the recent compromise. This led to Equifax’s website unintentionally redirecting people to a fake Flash update download that would install adware on their computers. The malware itself is not extraordinarily damaging since it merely displays advertisements on Internet Explorer. But in any other situation, things could get a lot worse.

A redirect attack happens when a hacker compromises a website to the point that its visitors are directed to a fake page when they click a link. To give you a proper scenario, imagine that hackers manage to hijack Facebook’s homepage so that every time you click on an advertisement, it takes you to an affiliate site that pays them every time they get a visit. That’s a more harmless example than the typical scenario, but it summarizes redirect attacks succinctly. You click a link you trust to take you somewhere, and it swings you somewhere else.

How Hackers Execute Redirect Attacks

The simplest way to redirect someone to another website is to take advantage of vulnerabilities of a website’s database. Sometimes a well-executed SQL injection allows the hacker to slip some malicious code into a website’s output.

This isn’t always possible, which leads more clever hackers to find vulnerabilities in the software that runs the website or its content management system (CMS). Sometimes a vulnerability like Apache Struts CVE-2017-5638 that allows people to execute arbitrary code will occur.

What You Can Do To Prevent Becoming A Victim


It’s easy to feel helpless when trusted organizations suffer attacks that are easily preventable and do not take sufficient measures to remedy the situation. But there are a couple of things you can make a note of when you’re browsing the web to prevent yourself from falling victim to redirect attacks.

For starters, you should never open “software updates” or any other kind of executable file from websites that don’t usually hand them out. While you can expect to get a ZIP file with an EXE in it or just a plain EXE from a website like Softpedia – which many people use to download programs and utilities – you should never expect an EXE to come from an email attachment, a social media site, or from a credit reporting agency.

If you’re unsure of an EXE that you have received and expected, upload it to a trusted online virus checking utility like VirusTotal or Metadefender.

No matter how scary redirect attacks are, it’s helpful to keep in mind that they will often push you to a different domain name than the organization’s official one. Make a habit of keeping an eye on your address bar as you browse the Web. At some point it will become second nature, and you’ll notice any suspicious changes quickly.

Do you have any other tips that can help people arm themselves against redirect attacks similar to the one Equifax suffered? Let us know your ideas in a comment!

Miguel Leiva-Gomez Miguel Leiva-Gomez

Miguel has been a business growth and technology expert for more than a decade and has written software for even longer. From his little castle in Romania, he presents cold and analytical perspectives to things that affect the tech world.


  1. It really is pathetic on Equifax part in all this mess. Shortly after the breach they started an ad campaign of all things enticing people to come pay them money to ensure their personal information does not get hacked. I found their response to being hacked themselves to be of the lowest possible caliber and I will never trust them again!

    1. I still say that credit bureaus are questionable and truly need to be regulated. I rarely support regulations, but with Equifax, TransUnion and Experian not really checking on what is being reported to them – They need to be regulated. Plus, these bureaus do not want to really help anyone when the reports are incorrect. They asked you for money and that you investigate the information. It can take years to clear up a wrong credit report – NO difference than trying to prove Identity Theft!!!

      I have NOT trusted any of the 3 bureaus, for years!

      As for malware – This is but the cherry on the top of the sundae!!! I wonder how many of these people will get Ransomware on their computers??? This malware seems to be quite lucrative for the hackers! I bet the Accreditation of Hospitals have changed some of their criteria and included the IT Department and Security of data. Several hospitals, across the USA, have been “hit” with Ransomware and have had to pay the hackers – To get to the inpatient’s hospital files.

  2. I believe here should be a new set of laws implemented that would require that any company that is slack regarding security?…would have to PAY their customers a check of $100 (or more!) I bet they’d sit up and pay attention then wouldn’t they!?

    1. I so agree with that. No matter which company it is, whether it’s Target, Chase, Equifax or any of the ones we KNOW about, it’s always. We are so sorry, valued customer, we will pay for a year to have some company keep a lookout. I get so mad when I get those notices.
      Yes they should have to pay us.

Comments are closed.