What to do if a website redirects to phishing site​

When a website unexpectedly redirects to a phishing site, a user’s immediate actions are critical. The first step is to close the browser tab or window immediately without clicking on anything or entering any information. This simple action can prevent malicious scripts from running or tricking the user into compromising their data. Afterward, it is essential to clear the browser’s cache and cookies, run a comprehensive malware scan on the device, and report the incident to help protect others.

Navigating the internet should feel safe, but encountering a malicious redirect can be jarring. Understanding the right steps to take not only resolves the immediate threat but also secures a person’s digital environment for the future. Here is a more detailed guide on what to do.

Immediate Steps to Take

The moments after a redirect are the most important. The primary goal is to contain any potential damage and remove oneself from the dangerous environment.

1. Close the Browser Immediately: Do not hesitate. The phishing page may have pop-ups or alerts designed to cause panic and trick a user into clicking. Interacting with the page in any way, even to click a “close” button on a fake pop-up, can be risky. Use the “X” on the browser tab or window, or use a keyboard shortcut like Alt+F4 (on Windows) or Cmd+Q (on Mac) to close the entire browser if needed.
2. Do Not Enter Any Information: Phishing sites are designed to steal personal data. They often mimic legitimate login pages, banking portals, or online stores, asking for usernames, passwords, credit card numbers, or other sensitive details. Never enter this information on a site you were redirected to unexpectedly.
3. Disconnect from the Internet (Optional): For those who want to be extra cautious, temporarily disconnecting the device from the Wi-Fi or unplugging the Ethernet cable can be a good step. This ensures that if any malware was downloaded in the background, it cannot communicate with its command server or spread to other devices on the network.

The Cleanup and Prevention Phase

Once the immediate threat is gone, the next phase involves cleaning the system and taking steps to prevent future incidents.

1. Clear Browser Cache and Cookies: Malicious websites can leave behind trackers, cookies, or cached files that could cause the redirect to happen again or track a user’s activity. Go into the browser’s settings and clear all browsing data, specifically focusing on cached images and files, and cookies and other site data.
2. Run a Full Malware Scan: A redirect isn’t always the fault of the website; it can be a symptom of malware or adware already on the user’s computer. This malware can hijack browser sessions and force redirects to phishing pages. It is crucial to use a reputable antivirus or anti-malware program to run a full, deep scan of the entire system and remove any threats it finds.
3. Change Relevant Passwords: As a precaution, it’s wise to change the password for the website the user was originally trying to visit. If the same password is used on other sites (a practice that should be avoided), those should be changed as well, starting with critical accounts like email and banking.

Understanding Why It Happened and How to Report It

Knowing why a redirect occurred can help a person be more vigilant in the future. There are generally two main causes:

• The Original Website Was Compromised: Hackers can inject malicious code into a legitimate website, causing it to redirect visitors to a phishing page. In this case, the website owner may not even be aware of the problem.
• Malware on the User’s Device: As mentioned, adware or other malware on a person’s computer can intercept internet traffic and force redirects, regardless of which site they are visiting.

To help protect the wider internet community, a user should report the incident. They can:

• Report to Google Safe Browsing: This helps Google flag the site as dangerous, protecting future visitors who use Chrome, Firefox, and Safari.
• Notify the Original Website’s Owner: If possible, contact the owner of the legitimate website that initiated the redirect. A quick email can alert them that their site has likely been hacked.
• Report to the Anti-Phishing Working Group (APWG): This organization compiles data on phishing attacks to help fight cybercrime.

By staying calm and following these methodical steps, anyone can effectively handle a redirect to a phishing site, minimizing the risk and helping to make the internet a safer place for everyone.