Web Hosting Temporary URLs Abused in Phishing Campaigns
Security Update : Cyber-criminals running phishing campaigns have added a new trick to their operations and are now using temporary URLs set up by Web hosting companies, which under normal circumstances should not exist more than a few days.
When a user buys a shared Web hosting package, some companies will set up the user’s account at the URL: http://hosting-company-server-name.com/~username.
As soon as the user adds a domain to his account, the main domain should supersede this URL, which should be deleted, at least in theory. According to security firm Sucuri, some hosting providers don’t.
Attackers that manage to hack a client running on a shared Web hosting provider, and then escalate their access to the nearby clients or the hacked server itself, will have access to a large number of possible phishing URLs by default.
If the Web hosting provider doesn’t delete the aforementioned… (read more)