Ethical Hacking 06: Bait and Switching Attack


One of the most interesting hacker skills is called Bait and Switch.

Bait-and-switch is a type of hack used in online sales, and also in other contexts. First, customers are baited by sponsored ads that advertise products or services at a cheap price. However, when customers visit the online shopping store (eCommerce), they find that the advertised items are not available, or sales representatives push them to consider comparable but more expensive items (the switch).


In these lessons:

  1. The Secrecy Of A Fake Wireless Access Points
  2. Web Cookie Stealing Attack
  3. Malicious URL Redirects Hosted File
  4. Computer File Location
  5. Waterhole Hacking Attack
  6. Bait and Switching Attack


It is common for malware publishers to buy ad space on a website. When the purchase order is confirmed, the website is shown a legit link. The website approves the incoming ad and takes the money.

The bogus guy then switches the ad's link or content for something more malicious. Often they will put new malicious code on the website that redirects viewers back to the original link if the ad is clicked by someone from an IP address belonging to the server.

The most interesting bait-and-switch attacks I've seen lately involve bogus guys who create "open, free, or reusable" content that can be downloaded free of charge.

Think of an embedded visitor counter on a webpage. Often these elements come with terms of use, like "May be freely reused as long as the original link remains!".

Unaware users use the element and leave the legit link in place. Normally the legit link contains only mockup content or something different.

Later on, once the bogus element has been included in thousands of websites, the original malicious hacker swaps the harmless content for something more malicious, e.g. harmful hotlinks or URL redirects made in JavaScript.


Hacking Tips

Beware of any link to ad content when you have no control over, or are unfamiliar with, the advertisers/publishers, because it can be switched out at a moment's notice without your consent.
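
One way to notice when embedded third-party content has been switched is to pin a hash of the file you reviewed and compare later copies against it. The sketch below is an added example, not part of the original lesson: it builds a Subresource Integrity value for a script tag and audits later copies, and the widget URL, file contents and function names are constructed for illustration.

```python
import base64
import hashlib
import re

# Heuristic only: redirect primitives worth flagging in a changed script.
REDIRECT_SINKS = re.compile(
    rb"(?:window\.|document\.|top\.)?location(?:\.href)?\s*=|location\.(?:replace|assign)\s*\("
)

def sri_hash(content: bytes) -> str:
    """Return a Subresource Integrity value (sha384) for the given bytes."""
    digest = hashlib.sha384(content).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")

def script_tag(url: str, content: bytes) -> str:
    """Build a <script> tag the browser refuses to run if the file changes."""
    return (f'<script src="{url}" integrity="{sri_hash(content)}" '
            'crossorigin="anonymous"></script>')

def audit_embeds(pinned: dict, current: dict) -> list:
    """Compare freshly fetched third-party files against the pinned baseline."""
    findings = []
    for url, expected in pinned.items():
        body = current.get(url)
        if body is None:
            findings.append((url, "missing"))
        elif sri_hash(body) != expected:
            kind = "changed+redirect" if REDIRECT_SINKS.search(body) else "changed"
            findings.append((url, kind))
    return findings

# Constructed sample data: a hit-counter widget as first reviewed, and a later
# copy served from the same URL after the publisher swapped its content.
WIDGET_URL = "https://widgets.example/counter.js"  # placeholder URL
REVIEWED = b'document.getElementById("hits").textContent = "1234";\n'
SWITCHED = b'window.location.href = "https://other.example/landing";\n'

PINNED = {WIDGET_URL: sri_hash(REVIEWED)}

if __name__ == "__main__":
    print(script_tag(WIDGET_URL, REVIEWED))
    print(audit_embeds(PINNED, {WIDGET_URL: REVIEWED}))  # unchanged copy
    print(audit_embeds(PINNED, {WIDGET_URL: SWITCHED}))  # switched copy
```

In a real audit the `current` mapping would hold bytes fetched from each embedded URL on a schedule; the `integrity` attribute gives the same protection in the browser at page-load time.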