As technology evolves, so do scams. One of the more bizarre sources of evidence for this fact comes from ‘smart’ homes, which have every appliance connected to the internet so that they can be controlled from a mobile app. A security hole in just one of these pieces of hardware means that your entire household can be turned against you.
And, while you might not wake to find your fridge watching you sleep, an awful lot of data can be stolen from your unsecured devices while you are dreaming.
Auto-redirects, described by security firm GeoEdge as “digital quicksand”, are another type of scam that has adapted to the passage of time and technology. Usually found in the form of auto-redirect ads, this kind of attack relies on malicious actors gaining control of ad servers, which are then infected with malware. In brief, the purpose of auto-redirect scams is to send web users somewhere other than where they wanted to go. In 95% of cases, this destination will be another scam, a virus, or a site selling illegal products.
Redirects are dangerous because they’re invisible. The advert that ultimately lands you in virtual hot water will appear to be for a trusted brand such as a newspaper or supermarket. Originally, that’s exactly what it was. Unfortunately, the increasing skill with which media networks tailor ads to the individual, as explained by Investopedia, means that auto-redirects are a bit of a honey pot even for experienced users. After all, lots of us respond to adverts for products and services that interest us. There’d be no point to advertising, otherwise.
Statistically, auto-redirects make up almost half of all malware attacks on the internet. This is partly due to the ease with which they’re deployed but also due to ad companies’ lack of response to a growing threat. Hacker collective Tag Barnakle doubled the number of servers under its control between 2020 and 2021, from 60 to 120, a figure that makes it appear that the group operates with impunity in the advertising space. Financially, the cost of auto-redirects to ad publishers themselves is around $210m per year.
But what can be done about such an insidious threat? Auto-redirected content isn’t as well-known online as other malicious attacks like viruses and phishing scams, so the amount of information devoted to it is correspondingly low. Making matters worse is the fact that auto-redirect ads usually require some kind of technological response to fix, either by ‘cleaning’ the infected ad server of its digital malady, or by leveraging advanced browser functions in Chrome, Safari, Edge, or Firefox.
Google Chrome added functionality to block ad-derived redirects in 2017, for example. However, this update only prevented adverts from interfering with a website’s operation, i.e. it stops rogue content sending users elsewhere even if they haven’t clicked on anything yet. Actually interacting with an infected advert could, in theory, still put visitors at risk. Chrome does block phishing sites and pages that have suspected malware automatically, though, albeit with an option to overrule its warnings.
Routing through a secure DNS, like those listed at makeuseof.com, can improve your computer’s chances against the internet’s various villains. The DNS or Domain Name System is the internet’s address book. It connects written requests to visit the Google search engine page (for example) with a numerical value that the internet can understand. A good example of the latter could be something like 18.104.22.168, which is exactly what you’d have to type into your browser if the DNS had never been invented. It’s a time-saver.
Using a secure DNS means that requests to travel around the internet are protected from the same kind of malicious redirects discussed throughout this article. This extra safeguard is especially critical for any business that is built on large networks, and bespoke solutions such as web application firewalls exist simply to protect DNS traffic from intrusion (among other things).
Redirected? Protect Yourself
Much of the advice given out to internet users by security experts boils down to one thing – common sense. Statements such as ‘if it looks too good to be true, it probably is’ are some of the best rules to live by online, along with even more superstitious guidelines like trusting your instincts. It might sound overly simplistic but there’s nothing that says that internet scams have to be sophisticated or even camouflaged.
Phishing attempts from ‘PayPal’ or ‘Netflix’ are notorious for including poor spelling and grammar, for instance. If you have clicked on an advert for a summer dress or a Dungeons & Dragons book and found yourself somewhere else entirely, you should close the browser tab straightaway.
For the sake of completeness, though, a few telltale signs of a malicious website include things like unsecured URLs to incorrect domains or subdomains (‘payplal.com’ or ‘mysite.paypal.com’) and, as mentioned, unusual grammar. Oddly enough, this is usually deliberate, as it tests the intended victim’s gullibility. Finally, you can also try hovering your mouse (don’t click!) over any links included on a suspicious website or email. Your browser will tell you exactly where the link goes in the bottom left of the screen.
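The URL checks described above can be automated. The following is an added example, not part of the original article: it flags unsecured links, lookalike domains, and unexpected subdomains. The `KNOWN_HOSTS` allowlist and the host `paypal.com.example.net` are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only hosts the brand is known to serve from.
KNOWN_HOSTS = {"paypal.com": {"paypal.com", "www.paypal.com"}}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url: str) -> list[str]:
    """Return the warning signs found in a single link target."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    findings = []
    if parts.scheme != "https":
        findings.append("unsecured URL (not https)")
    for domain, hosts in KNOWN_HOSTS.items():
        brand = domain.split(".")[0]
        if host in hosts:
            break  # exact match with a known host: nothing more to flag
        if host.endswith("." + domain):
            findings.append(f"unrecognized subdomain of {domain}")
            break
        # Compare the host's last labels with the real domain (typo check).
        tail = ".".join(host.split(".")[-domain.count(".") - 1:])
        if 0 < edit_distance(tail, domain) <= 2:
            findings.append(f"lookalike of {domain}")
        elif brand in host.split("."):
            findings.append(f"'{brand}' used as a label on another domain")
    return findings

if __name__ == "__main__":
    # Constructed sample links; the first two hosts are the article's examples.
    for link in ("http://payplal.com/login", "https://mysite.paypal.com/",
                 "https://paypal.com.example.net/verify", "https://www.paypal.com/"):
        print(link, "->", check_link(link) or "no warning signs")
```

The edit-distance threshold of 2 is a deliberately small assumption; a larger value catches more typos but also flags unrelated short domains.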
Discussing online safety and scam awareness can feel paradoxical: while computer literacy is climbing and more and more people are becoming aware of fraudulent behavior, malicious actors continue to find success conning innocent web users out of their money. The United States Federal Trade Commission (FTC) received 2.2m fraud reports in 2020, worth a total of $3.3bn in stolen property. The latter figure represents a rise of $1.5bn in stolen cash, with 34% of total victims reporting a financial loss.
Online safety and security do not have to be a chore. Granted, auto-redirected adverts are an increasing concern even for people who only visit familiar websites, but criminals’ often blatant attempts to scam any lost web users should be – and usually are – their undoing. There’s perhaps still a lot of work to do to help the elderly and other vulnerable groups in particular stay safe on the internet.