Website Redirect Detection
A common practice of a phishing website attack technique is to redirect users to the official website after stealing their PII/personal information so as not to raise suspicion. The Phishing Watch detects scenarios where users are being redirected to the official company website from a suspicious or unknown domain.
The following steps illustrate how the Phishing Watch works when a website redirect is made:
- The snippet launches each time the webpage is loaded/refreshed.
- When the snippet identifies a non-formal, suspicious website (by inspecting the URL of the webpage), it reports the suspicious URL back to Threat Command servers in a stealthy, low footprint manner.
- The Threat Command phishing detection algorithm determines whether the reported website could be used for phishing.
- The snippet's whitelist excludes cases where it may be operating on the organization's official website.