Definition of the Day: Bait and Switch Hacking

Home / Resources / Definition of the Day / Definition of the Day: Bait and Switch Hacking

Bait and switch hacking is a technique on the rise due to the explosion of internet-based content marketing. A bait and switch attack occurs when victims are told they are downloading or running a piece of safe and legitimate content or advertising which is then switched (usually by way of a redirect) to something malicious.

Up to this point in time the most common vector of this technique has been through internet advertising networks.

It works like this:

  • The hacker buys advertising on a network or popular website.
  • The hacker then submits a ‘safe’ and nonmalicious advertisement to the network which is then approved.
  • Once approved, the hacker then switches the link or actual advertising content to something malicious.
  • Then, the damage is done. To avoid detection by the advertising network, the hacker often also redirects the malicious link back to the good link of the link is clicked on by an IP address originating from the advertising network. This makes it very hard for the advertising network to detect this type of hack.

    Another variant on bait and switch attacks centers around free internet content like whitepapers. Often this type of publicly distributed free content contains a licensing clause that allows one to reuse the content, provided the original download link remains. This results in the malicious content being more widely distributed by unsuspecting users.

    Moral of the story. Do not distribute any internet content containing links you do not directly control.