The Federal Bureau of Investigation (FBI) recently issued a warning to American citizens to be vigilant before clicking on online advertisements. Criminals are using Traffic Distribution Systems (TDS) to redirect users to fraudulent websites.
According to a public service announcement released by the FBI on the 18th, a Traffic Distribution System is a system responsible for directing internet traffic, acting as an intermediary between web page links and the final destination website.
The announcement stated that criminals use TDS to redirect users to other websites after they browse web pages, click on ad links, register for promotions, or download applications.
The FBI stated that “Criminals use TDS to selectively redirect users to hacked or fake log-in sites, which may have phishing pages for financial scams or trick users into downloading updates carrying malicious software.”
Criminals can guide users to TDS networks in various ways, such as placing links in phishing emails or using Search Engine Optimization (SEO) to push scam ad links that imitate legitimate websites to the top of search results.
Furthermore, they may hack into legitimate websites, modify website code, and redirect visitors to TDS.
Once criminals obtain victim data, this information “might be sold to other cybercriminals, including ransomware gangs,” according to the FBI.
The FBI pointed out that criminals also exploit TDS to bypass traditional firewall systems that could intercept malicious websites.
In addition, TDS collects users’ IP addresses, location, device information, browser data, and operating system information, and uses this information to filter attack targets. As a result, criminals can show “safe content” to visitors they consider unwelcome, such as security researchers, to evade detection.
According to a report released by the cybersecurity research company Insikt Group on March 19th, TDS can deliver malicious programs while evading detection, making it a vital tool for modern cybercriminal activities.
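The selective redirection described above leaves a trace defenders can look for in web proxy logs. The following is an added example, not taken from the FBI announcement or the Insikt Group report: it flags entry pages whose visitors all pass through the same intermediate host yet land on different final hosts depending on client profile. The log format, host names and profile labels are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log lines (not real traffic):
# country, client class, then the redirect chain separated by " > ".
SAMPLE_LOG = """\
US desktop-browser http://blog.example/post > http://tds.example/r?c=1 > http://login-update.example/signin
DE desktop-browser http://blog.example/post > http://tds.example/r?c=1 > http://login-update.example/signin
US headless-scanner http://blog.example/post > http://tds.example/r?c=1 > http://news.example/
US desktop-browser http://shop.example/sale > http://cdn.example/a > http://shop.example/cart
US headless-scanner http://shop.example/sale > http://cdn.example/a > http://shop.example/cart
"""

def parse(line):
    """Split one log line into (country, client class, list of hosts in the chain)."""
    country, client, chain = line.split(" ", 2)
    hosts = [urlsplit(u.strip()).hostname for u in chain.split(">")]
    return country, client, hosts

def find_selective_redirectors(log_text):
    """Return {entry_host: {"pivot": [...], "finals": {final_host: [profiles]}}}."""
    by_entry = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            country, client, hosts = parse(line)
            by_entry[hosts[0]].append(((country, client), hosts))
    findings = {}
    for entry, visits in by_entry.items():
        finals = defaultdict(set)
        for profile, hosts in visits:
            finals[hosts[-1]].add(profile)
        if len(finals) < 2:
            continue  # every client landed on the same final host
        # Hosts between entry and final that appear in every chain:
        # the candidate traffic-distribution node making the decision.
        pivot = set.intersection(*(set(h[1:-1]) for _, h in visits))
        if pivot:
            findings[entry] = {
                "pivot": sorted(pivot),
                "finals": {host: sorted(p) for host, p in finals.items()},
            }
    return findings

if __name__ == "__main__":
    for entry, info in find_selective_redirectors(SAMPLE_LOG).items():
        print(entry, info)
```

Legitimate geo-routing and load balancers also send different clients to different hosts, so a hit is a lead for review rather than a verdict.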
The FBI advises the public to regularly update software, enhance log-in security measures, and only install third-party plugins from trusted developers.
