📚 Web Hosting Temporary URLs Abused in Phishing Campaigns
💡 Newskategorie: IT Security
🔗 Quelle: news.softpedia.com
Cyber-criminals running phishing campaigns have added a new trick to their operations and are now using temporary URLs set up by Web hosting companies, which under normal circumstances should not exist more than a few days. When a user buys a shared Web hosting package, some companies will set up their account at the URL: http://hosting-company-server-name.com/~username. As soon as the user adds a domain to their account, the main domain should supersede this URL, which should be deleted, at least in theory. According to security firm Sucuri, some hosting providers don't do so. Attackers who manage to hack a client running on a shared Web hosting provider and then escalate their access to the nearby clients or the hacked server itself will have access to a large number of possible phishing URLs by default. If the Web hosting provider doesn't delete the aforementioned... ...