is that a scam?
← Back to all scams
HIGH phishing Share

Clicking a search result silently redirects you through hidden chains to a phishing or fraud site

Criminals abuse traffic-distribution systems (TDS) to redirect victims through invisible chains when they click a normal-looking search result, ad, or compromised website, delivering tailored phishing pages, fake login portals, or malware.

Also known as: malicious TDS redirect, traffic distribution system scam, SEO poisoning redirect, malicious ad redirect fraud, browser redirect to phishing

What to do right now

  1. 1 If you entered login credentials on a redirected page, change those passwords immediately from a clean device and enable MFA on the affected accounts
  2. 2 If you downloaded anything after being redirected, disconnect from the internet and run a full antivirus scan before reconnecting
  3. 3 For banking, government, or healthcare sites, type the URL directly into your browser address bar — never rely on clicking a search result or sponsored ad
  4. 4 Use a browser with real-time phishing protection (Chrome's Safe Browsing, Edge's SmartScreen) — these warn when TDS chains resolve to known malicious destinations
  5. 5 If you installed any 'support' or 'server' or 'refund app' or remote-access app at the scammer's request (AnyDesk, TeamViewer, Quick Support, etc.), run free SeraphSecure (https://www.seraphsecure.com) to detect and remove it.
  6. 6 Report to the FTC at https://reportfraud.ftc.gov and the FBI's IC3 at https://www.ic3.gov.

Was remote-access software installed?

If a scammer asked you to install AnyDesk, TeamViewer, Quick Support, or any remote-access app, your device may still be compromised.

Run SeraphSecure to detect and remove it →

Red flags

  • Your browser's address bar shows a different URL than the link you just clicked — you were silently redirected through an invisible chain
  • A page briefly flashes white or grey before you land on an unexpected website asking for your login credentials
  • A search result for a familiar brand (your bank, the IRS, a healthcare portal) lands you on a site that looks identical to the real one but has a slightly different URL
  • A sponsored advertisement for a service you regularly use deposits you on a page harvesting your personal or financial information
  • A website you regularly visit suddenly redirects you to a tech-support warning, a prize notification, or a security alert — the site itself may have been compromised

Sources

Share this with someone who might need it