May 19 2009

Dave Ramsey and the null byte

Phishers (and I’m sure marketing jerks too) love universal redirects. A universal redirect is when you visit a URL that looks like it belongs to one domain and it redirects you to a different site. They have their purpose, but if a site doesn’t implement protections properly they can damage the brand. Especially in markets like finance, where trust is very important, any erosion of trust can be very costly. The kind of problem I’m about to show can be caught by having your website audited regularly.

The reason phishers get away with what they do is that it’s easy to mimic the look and feel of a site, which builds your trust. We see a logo and certain colors and we respond accordingly. Companies put a ton of money into building these brands only to have that power used against them. Now people are getting leery about clicking on just any link in an email or website, so if phishers can make it appear that you are clicking on a valid link and then whisk you away to their evil site, all the better for their con.

So, for a quick example, let’s say example.com wants to keep track of who clicks on its partner site link. It might have something like:

http://www.example.com/redirect.cfm?siteURL=http://www.ngenuity-is.com

When you click on that link, in theory it records your visit in a log file and sends you to ngenuity-is.com.

Stop talking and get to Dave Ramsey already:

The reason I bring up daveramsey.com is that they have a similar redirect, are in an industry where trust is very important, and have tried to put protections in place to prevent what I’m talking about here. If you mouse over the left-hand navigation you will see that a few of the links go to a page that looks like this:

http://www.daveramsey.com/redirect/redirect.cfm?strPath=…

Dave’s team of crafty website ninjas figured that phishers would love to redirect visitors anywhere, so if you try to put your own website after strPath it just redirects back to the main site. That is where the trusty null byte comes in handy: slip a single byte into the link and you have yourself a working universal redirect.

Example: http://www.daveramsey.com/redirect/redirect.cfm?strPath=%00http://www.ngenuity-is.com
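For comparison, here is how a redirect endpoint like the one above can be made to fail closed. This is an added example, not code from daveramsey.com or ngenuity-is.com; the allowlist of partner hosts, the default landing page and the parameter name handling are my assumptions. The validator decodes the parameter once, refuses any control character (a NUL included) instead of letting a lower layer truncate the string, and then only accepts same-site paths or absolute URLs whose host is on the allowlist.

```python
from urllib.parse import unquote, urlsplit

# Assumed allowlist of partner hosts the redirect may send a visitor to.
ALLOWED_HOSTS = {"www.example.com", "www.ngenuity-is.com"}
# Assumed landing page used whenever the requested target is refused.
DEFAULT_TARGET = "http://www.example.com/"


def safe_redirect_target(raw_param, allowed_hosts=ALLOWED_HOSTS,
                         default=DEFAULT_TARGET):
    """Return a destination that is safe to put in a Location header.

    raw_param is the percent-encoded query value (e.g. the strPath value).
    Anything that is not a same-site path or an http(s) URL on an allowlisted
    host falls back to the default, so the endpoint fails closed.
    """
    target = unquote(raw_param)  # decode exactly once, then validate the result

    # A NUL (%00) or other control character never belongs in a redirect
    # target; refusing it here is what stops a truncating check from
    # approving a string whose real destination comes after the byte.
    if any(ord(ch) < 0x20 or ch == "\\" for ch in target):
        return default

    parts = urlsplit(target)

    # No scheme and no host: treat as a same-site path, but only a single
    # leading slash counts. "//host/..." is a protocol-relative URL, not a path.
    if parts.scheme == "" and parts.netloc == "":
        if target.startswith("/") and not target.startswith("//"):
            return target
        return default

    # Absolute URLs must be http(s) and point at an allowlisted host.
    if parts.scheme not in ("http", "https"):
        return default
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:
        return default
    return target
```

Because the NUL check runs on the decoded string, the `%00` variant shown above is refused before any host comparison happens.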

The end.
