FBI warns of tactics redirecting users to scam websites
- Kamy Le

A sophisticated and nearly invisible cyberattack method, built on a technology called a Traffic Distribution System (TDS), is being used by cybercriminals to trap Internet users. In response, the US Federal Bureau of Investigation (FBI) has issued an urgent advisory to help the community identify and prevent the risk.
Hackers' invisible routing stations
Fundamentally, a TDS is a completely legitimate technological solution, commonly used by businesses to manage and route user traffic on websites. This system acts as an intermediary, situated between the user and the website they intend to visit. When you click on a link, register for a promotion, or download an application, the TDS silently decides which subsequent page you will be redirected to.
However, when falling into the hands of malicious actors, a TDS becomes a dangerous weapon. Hackers exploit this silent redirection process to force users to visit spoofed websites, phishing login portals, or addresses containing malware without the victims' knowledge.
According to a report published by the FBI on June 18, 2026, this attack vector is on the rise and has become a threat to both individual users and businesses of all sizes.

The ability to bypass security barriers
What makes TDS-based attacks particularly dangerous is the sophistication involved in covering their tracks. Instead of directing users straight to a malicious website, the system routes the victim through a series of intermediary steps. This process occurs in just a few seconds and is completely silent, making it exceedingly difficult for both users and standard security scanners to detect in a timely manner.
Furthermore, a malicious TDS can meticulously filter visitors. Before deciding whether to redirect a user to a scam trap, the system silently collects information about their IP address, geolocation, operating system, and browser type.
Thanks to this filtering capability, hackers can:
- Ignore users who fall outside their targeted demographic.
- Display completely clean and safe content when detecting security experts or scanning tools conducting inspections.
It is this exact precision that has helped cybercriminal groups, particularly those distributing ransomware, evade traditional security barriers.
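The chained, seconds-long redirection described above leaves a trace in web proxy logs of real user traffic, which matters because a filtering TDS may show scanners only clean content. The following Python sketch is an added example, not part of the FBI advisory or the original article: it stitches 3xx responses into per-client chains and flags those that cross several hosts quickly. The log layout, the sample records, and the thresholds (three hosts, five seconds) are constructed assumptions.

```python
from urllib.parse import urljoin, urlsplit

# Constructed proxy records: (epoch seconds, client, requested URL, status, Location header)
SAMPLE_LOG = [
    (1000.0, "10.0.0.5", "http://news.example/article", 302, "http://hop1.example/r?id=7"),
    (1000.4, "10.0.0.5", "http://hop1.example/r?id=7", 302, "http://hop2.example/go"),
    (1001.1, "10.0.0.5", "http://hop2.example/go", 302, "//landing.example/login"),
    (1001.6, "10.0.0.5", "http://landing.example/login", 200, None),
    (2000.0, "10.0.0.9", "http://shop.example/", 301, "https://shop.example/"),
    (2000.2, "10.0.0.9", "https://shop.example/", 200, None),
]

def redirect_chains(records, max_gap=5.0):
    """Stitch each client's 3xx responses into chains by following Location headers."""
    pending = {}   # (client, URL the redirect points to) -> chain built so far
    finished = []
    for ts, client, url, status, location in sorted(records, key=lambda r: r[0]):
        chain = pending.pop((client, url), None)
        if chain and ts - chain["hops"][-1][0] > max_gap:
            finished.append(chain)      # too slow to be the same automatic redirect
            chain = None
        chain = chain or {"client": client, "hops": []}
        chain["hops"].append((ts, url))
        if 300 <= status < 400 and location:
            # Location may be relative or scheme-relative; resolve it against the request URL
            pending[(client, urljoin(url, location))] = chain
        else:
            finished.append(chain)
    finished.extend(pending.values())   # chains whose final request was never logged
    return finished

def is_suspicious(chain, min_hosts=3, max_seconds=5.0):
    """Flag chains that cross several distinct hosts within a few seconds."""
    hosts = {(urlsplit(u).hostname or "").lower() for _, u in chain["hops"]}
    duration = chain["hops"][-1][0] - chain["hops"][0][0]
    return len(hosts) >= min_hosts and duration <= max_seconds

def flagged_chains(records):
    """Return the URL sequence of every chain that meets the thresholds."""
    return [[u for _, u in c["hops"]] for c in redirect_chains(records) if is_suspicious(c)]

if __name__ == "__main__":
    for urls in flagged_chains(SAMPLE_LOG):
        print(" -> ".join(urls))
```

Legitimate advertising and single sign-on flows also chain redirects, so a hit is a triage signal to review, not a verdict.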
Trapping pathways and severe consequences
To lure users into the TDS "maze," cybercriminals do not rely on a single method. They combine various tactics such as sending phishing emails, manipulating search engine results, or hijacking legitimate, reputable websites to turn them into traps.
Once redirected to malicious websites controlled by hackers, the resulting consequences can be severe:
- Users' devices may be infected with dangerous malware.
- Login credentials and personal accounts may be stolen through spoofed pages.
- Access privileges to organizational networks may be resold to ransomware groups to execute large-scale extortion campaigns.

How to protect yourself against the new wave of attacks?
To mitigate the risks associated with these malicious routing systems, the FBI has issued specific recommendations for both target groups.
For individual users
- Carefully check the website address (URL): Always closely observe the address bar before clicking on any suspicious advertisements or links, as phishing addresses are often designed to look nearly identical to the authentic websites.
- Enhance account security: Enable Two-Factor Authentication (2FA) and use strong, unique passwords.
- Continuously update systems: Ensure that software, applications, as well as website extensions (plugins) are always updated to the latest versions to patch security vulnerabilities.
- Use supportive tools: Install a Web Application Firewall (WAF) to block malicious traffic before it reaches the device.
For organizations and businesses
- Strictly monitor systems: Track unusual activities of scripts on endpoints, paying special attention to files with extensions such as .js, .ps1, or .svg.
- Conduct periodic checks: Regularly review web hosting administrator accounts and Content Management Systems (CMS).
- Raise awareness: Organize training sessions so employees are capable of recognizing social engineering tactics and spoofed emails.
Reference: Cyber Security News