Please provide the following information when reporting redirects. These items will help our security team get the whole picture and allow them to place a block much quicker.

  1. URL where the user was redirected from
  2. Device, OS, browser used during the redirect session
  3. Location and approximate date/time of the user
  4. Landing page and a screen capture of the page they were redirected to

Why all the details?

#1 - is important because it gives the security team a starting point to recreate the redirect condition.

#2 - is important because it helps the security team replicate the environment that the redirected user was in. Sometimes these bad actors target specific devices, browsers and OS's also desktop vs. mobile.

#3 - is helpful because the bad actors will often geo-target the user or have specific dates for an attacking campaign. The date and time are also key because its possible we may have blocked this attack somewhere else and either your attack happened before we blocked it or worse after. If it is after then there is likely a hole in the patch meaning certain demand isn't being scanned and then we can address this.

#4 - allows us to see what ultimately happened. This gives us intel on whether or not the bad actors changed their methods to evade us and helps us identify which bad actor is responsible for which attacks. Different bad actors use different creatives, landing pages, and techniques to trick users into giving them information.