XSS Exploits: Cross Site Scripting Exploits and Defense

Redirection

Social engineering is the art of lying or getting people to do something different than what they would do under normal circumstances. While some refer to this as neural linguistic programming, it is really nothing less than fraud. The user must not only trust the site that they are being sent to, but also the vector that drives them there (e.g. e-mail, IM, forum, and so forth). That can be a significant obstacle, but for a phisher, the solution is often found in a complex link that appears to be valid, but in reality is hiding a malicious URL.

The most common way to redirect users is through a redirection on a benign site. Many Web sites use redirection to track users. For example, a normal user will access their "innocent" site, see something interesting, and click on a link. This link takes the user's browser to a redirection script, which records that the user is exiting the site through the clicked link and then redirects them to the external resource.

There are three main forms of redirection:

  • Header Redirection: Can use a number of different response codes, but essentially uses the underlying Hypertext Transfer Protocol (HTTP) to send the user's browser to the intended target.

  • META Redirection: Uses an HTML tag to forward the user to the target. Works in the same way as header redirection, except that it has the advantage of being able to delay the redirection for some amount of time...
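An added example, not from the book: when reviewing a site's redirection script, the two forms listed above can be recognised in a captured response and checked for whether they send the browser to a different host. The function names, the `example.com`/`example.net` hosts and the sample responses are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _MetaRefresh(HTMLParser):
    """Collects the first <meta http-equiv="refresh" content="N; url=..."> tag."""
    def __init__(self):
        super().__init__()
        self.found = None  # (delay_seconds, raw_target)

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag != "meta" or self.found or a.get("http-equiv", "").lower() != "refresh":
            return
        m = re.match(r"\s*(\d+(?:\.\d+)?)\s*(?:[;,]\s*(?:url\s*=\s*)?['\"]?([^'\"]*))?",
                     a.get("content", ""), re.I)
        if m and m.group(2):  # a bare delay with no URL only reloads the page
            self.found = (float(m.group(1)), m.group(2).strip())

def classify_redirect(request_url, status, headers, body=""):
    """Return None, or a dict describing where the response sends the browser."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status in (301, 302, 303, 307, 308) and "location" in hdrs:
        kind, delay, raw = "header", 0.0, hdrs["location"]  # header form: immediate
    else:
        parser = _MetaRefresh()
        parser.feed(body)
        if not parser.found:
            return None
        kind, (delay, raw) = "meta", parser.found  # META form: may be delayed
    target = urljoin(request_url, raw)  # resolves relative and //host targets
    off_site = urlsplit(target).hostname != urlsplit(request_url).hostname
    return {"kind": kind, "delay": delay, "target": target, "off_site": off_site}

# Constructed sample responses from a hypothetical tracking script.
SAMPLE_URL = "http://shop.example.com/out?id=7"
SAMPLE_HEADER = (302, {"Location": "http://partner.example.net/item"}, "")
SAMPLE_META = (200, {}, '<html><head><meta http-equiv="refresh" '
                        'content="5; url=http://partner.example.net/item"></head></html>')

if __name__ == "__main__":
    for status, headers, body in (SAMPLE_HEADER, SAMPLE_META):
        print(classify_redirect(SAMPLE_URL, status, headers, body))
```

Responses flagged `off_site` are the ones to compare against the list of destinations the redirection script is supposed to serve.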
