The FBI is warning Las Vegas residents and businesses about a growing cyber threat that can quietly redirect internet users from legitimate-looking websites to phishing pages, scam offers, or malware downloads. Federal investigators say the tactic relies on sophisticated redirect networks that operate largely out of sight and can bypass many basic security protections.
The alert comes from the FBI’s Internet Crime Complaint Center, or IC3, and was amplified locally by the FBI’s Las Vegas field office as the advisory was released nationwide.
Warning
According to the FBI, cybercriminals are using tools known as traffic distribution systems, or TDSs, to control where users are sent after clicking a link, search result, or download button. While the initial website may appear harmless, the underlying redirect chain can funnel certain users to malicious destinations.
The FBI says these systems collect detailed information about visitors, including IP address, device type, operating system, browser, and geographic location. Based on that data, the TDS decides whether to send the user to a legitimate page or to a phishing site, scam login screen, or malware installer.
Federal officials warn the same techniques have been linked to ransomware attacks and financial fraud schemes.
Technique
The IC3 says malicious TDS operations often rely on layers of intermediate servers that obscure the final destination of a click. This structure allows the scam to evade firewalls, reputation-based filters, and automated detection tools.
Investigators note that users are frequently routed into these redirect chains through compromised websites, manipulated search engine results, online ads, or social engineering messages. In many cases, victims are unaware anything unusual has happened until credentials are stolen or malicious software is installed.
Research
Cybersecurity researchers say these schemes are difficult to detect because they selectively target users. Check Point Research has documented cases where fake download websites ranked highly in search results and used cloud-hosted JavaScript code to intercept download clicks.
In those cases, the script handed users off to a TDS, which then determined whether to deliver a clean file or malware. Some users saw nothing suspicious at all, while others were infected.
That selective behavior makes it harder for researchers and law enforcement to identify and shut down malicious infrastructure.
Local
Security analysts say Las Vegas businesses may be particularly exposed due to the city’s heavy reliance on online booking, retail, and service platforms. Palo Alto Networks’ Unit 42 reports that malicious TDS activity often uses long redirect chains and interconnected infrastructure that can survive even after individual domains are blocked.
Small businesses that rely on content management systems, third-party plugins, or outdated software may face increased risk if security updates are delayed or administrative credentials are weak.
The FBI notes that local warnings typically follow real-world victim reports. Las Vegas has recently seen other cyber-enabled scams, including fake kidnapping and extortion schemes, prompting federal alerts.
Protection
The FBI recommends that users treat unexpected redirects as a warning sign rather than a technical glitch. Officials advise avoiding unfamiliar ads and download links, closely checking URLs before entering login credentials, and keeping operating systems, browsers, and plugins fully updated.
Businesses are encouraged to audit website hosting accounts, review administrative access, enable multi-factor authentication, and monitor for suspicious scripts or redirects. The IC3 also recommends reviewing file association settings that could automatically execute malicious code.
Anyone who believes they have encountered or been affected by a redirect-based scam is encouraged to file a report with the Internet Crime Complaint Center or contact their local FBI field office.
Federal investigators say reporting these incidents helps them identify patterns, map malicious networks, and disrupt ongoing campaigns.
FAQs
What is a traffic distribution system?
A system that redirects users to different websites based on data.
Why is the FBI warning Las Vegas residents?
Agents say active scams are affecting local users and businesses.
How do these scams usually start?
Often through ads, search results, or compromised websites.
What is the main risk to users?
Phishing, malware infection, or stolen credentials.
How can incidents be reported?
By filing a complaint with the FBI’s IC3 website.
