If your browser in Las Vegas suddenly whisks you from a harmless-looking page to a sketchy login screen or a too-good-to-be-true offer, the FBI says that might be more than just a random glitch. Federal agents are warning that cybercriminals are quietly using sophisticated redirect networks, known as traffic distribution systems or TDSs, to funnel unsuspecting users toward phishing pages, scam pitches and malware downloads.
The FBI says these redirect chains can slip past many common firewall rules and have already been used in operations that ended with ransomware infections or other financial scams. The Las Vegas field office amplified the national alert on social media as the advisory went public.
RT @FBICyberDiv: Today the FBI released a #PSA warning the public about cyber criminal use of traffic distribution systems (TDSs) to gain a… https://x.com/i/status/2067748829164609585
— FBI Las Vegas (@FBILasVegas) June 18, 2026
What The FBI Warned
According to the FBI's Internet Crime Complaint Center (IC3) Public Service Announcement, operators of malicious TDSs collect details like a visitor's IP address, operating system, location, device and browser. Victims are then routed through layers of intermediate nodes that hide where the traffic is really headed.
The PSA explains that this kind of routing can be used "to gain access to victim networks for ransomware or other financial scams," and that the end result for many users is a phishing page or a booby-trapped installer. The FBI notes that social engineering, search engine poisoning and already compromised websites are among the most common ways people get funneled into these redirect chains in the first place.
How TDS Schemes Hide In Plain Sight
Security researchers have tracked how TDS operators bury their infrastructure behind websites that look mostly legitimate, including fake download portals for popular open-source tools that manage to score high in search results.
Check Point Research found that one such setup used a CloudFront-hosted JavaScript "staging" script to intercept a user’s download click, then quietly hand it off to a TDS. From there, the TDS decides whether to serve a harmless file or a malware payload based on the user’s fingerprint.
That kind of selective gating, where some people see benign content while others get infected, makes malicious campaigns harder to detect and takedown efforts less effective. To many users, everything looks normal until it very much is not.
Why Las Vegas Users And Businesses Should Care
Analysis from Palo Alto Networks' Unit 42 shows that malicious TDS activity often includes longer-than-normal redirect chains and highly connected infrastructure. Those traits help malvertising and SEO poisoning operations stay alive even when individual domains get blocked.
Small businesses are especially exposed if they run content management systems, third-party plugins or online ordering platforms and then leave weak admin passwords in place or skip security updates, Unit 42 warns. In a city full of hospitality, retail and service outfits that live and die by their websites, that risk is not abstract.
Las Vegas has seen this kind of thing before. Local agents recently warned residents about fake "proof-of-life" kidnap scams, a reminder that when the feds speak up, it is usually because they are seeing real victims. For earlier context on that trend, see Vegas Feds Sound Alarm. With TDS activity, the message is similar: treat strange redirects as a serious warning sign, not just an internet quirk.
How To Protect Yourself
The FBI is pushing straightforward defenses. Be cautious about clicking on ads or search results, especially for downloads. Hover over links to see where they really go before you commit. Keep your operating system and website plugins patched and current. Turn on two-factor authentication wherever you can. For public-facing sites, use reputable security plugins or a web application firewall.
Businesses are urged to audit hosting accounts and admin logins, tighten authentication, and keep an eye on endpoints for suspicious scripts. Administrators should also consider changing default file associations that can automatically execute JavaScript, in line with guidance from the IC3.
If you suspect your system or website has been caught in one of these redirect chains, the FBI wants to hear about it. The bureau asks victims to file a complaint with IC3 or contact their local FBI field office so investigators can track and disrupt the underlying TDS infrastructure.
The bottom line for Las Vegas internet users is simple: a single ordinary-looking click can secretly kick off a redirect chain that ends with stolen credentials or malware on your device. Stay wary of unfamiliar download sites and aggressive ads, keep your software updated and report anything that feels off so authorities have a better shot at mapping and shutting down these networks.
