During the week of Black Friday, security researchers disclosed a vulnerability in AliExpress.com, a popular online retail service owned by Alibaba and patronized by over 100 million customers worldwide. The online shopping portal was found to have an open redirect vulnerability that could have allowed attackers to display a fake coupon designed to phish sensitive information from shoppers who viewed it. AliExpress fixed the issue within two days of notification.
The security researchers who devised an exploit technique for the vulnerability noted that AliExpress uses only a simple method to stop such attacks: checking the Referer header of the request. If the referer was not set or was incorrect, the server would deny the request. A referer is an HTTP header that identifies the URL of the webpage from which the request was made.
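A redirect handler that validates the destination in addition to the Referer check described above, as an added example that is not from the original article or from AliExpress's code. The host names, allowlists and function names are assumptions for illustration; the point is that the Referer says where a request came from, not where the redirect leads.

```python
from urllib.parse import urlsplit

# Assumed hosts for illustration; not AliExpress's real configuration.
TRUSTED_REFERER_HOSTS = {"shop.example"}
ALLOWED_REDIRECT_HOSTS = {"shop.example", "login.shop.example"}


def _host(url):
    """Return the lowercase hostname of url, or None if it cannot be parsed."""
    try:
        return urlsplit(url).hostname
    except ValueError:
        return None


def referer_only_check(headers):
    """The check the article describes: deny unless Referer is set and trusted."""
    return _host(headers.get("Referer", "")) in TRUSTED_REFERER_HOSTS


def is_safe_redirect_target(target):
    """Validate the destination itself, independently of any request header."""
    # Reject empty values, whitespace/control characters and backslashes,
    # which browsers and URL parsers may normalise differently.
    if not target or any(ord(c) <= 0x20 or c == "\\" for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: allow only site-local absolute paths.
        return target.startswith("/") and not target.startswith("//")
    # Absolute URL: https only, and the parsed host must be allowlisted.
    return parts.scheme == "https" and parts.hostname in ALLOWED_REDIRECT_HOSTS


def handle_redirect(headers, target):
    """Return (status, location); fall back to the home page when in doubt."""
    if not referer_only_check(headers):
        return 403, None
    if not is_safe_redirect_target(target):
        return 302, "/"
    return 302, target


if __name__ == "__main__":
    # Constructed request: trusted Referer, off-site destination.
    hdrs = {"Referer": "https://shop.example/deals"}
    print(handle_redirect(hdrs, "https://other.example/coupon"))
```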
Defending Against Phishing Attacks
As the shopping season rolls around, attackers are expected to roll out their phishing tactics to take advantage of the holiday rush. If you suspect that you have fallen victim to a phishing scam, immediately change passwords and PINs on all of your accounts.
Here are other tips on how to spot and avoid phishing scams: