Home New phishing campaign uses open redirect flaw

New phishing campaign uses open redirect flaw

Aug 8 — Separate phishing campaigns targeting thousands of victims are impersonating well known brands, like FedEx and Microsoft, among others, to deceive victims.

At present, attackers are exploiting a well-known open redirect flaw to phish people’s credentials and personally identifiable information (PII) using American Express and Snapchat domains, according to cyber security researchers.

Open redirect is a security vulnerability that occurs as a website fails to validate user input, allowing bad actors to manipulate the URLs of domains from legitimate groups with good reputations, redirecting victims to malicious sites. This vulnerability is tracked as CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’).

“Since the first domain name in the manipulated link is in fact the original site’s the link may appear safe to the casual observer” explained a cyber security researcher.

For more information on this phishing scheme, see here. Lastly, to receive more timely cyber security news, top-tier reports and cutting-edge analyses, please sign up for the cybertalk.org newsletter.