Open Redirect Issue Ensnares Amex & Snapchat User Data!

Separate phishing campaigns impersonating FedEx & Microsoft, among others, are targeting 1000s of victims.

Attackers are exploiting a well-known open redirect flaw to phish credentials & personally identifiable information (PII) using American Express & Snapchat domains, researchers have discovered.

Threat actors impersonated Microsoft & FedEx, among other brands, in 2 different campaigns that researchers from INKY observed from mid-May until late July, they stated in a blog post published online.

Redirect Vulnerabilities

Attackers took advantage of redirect vulnerabilities affecting American Express & Snapchat domains, the former of which eventually was patched while the latter still is not, researchers explained.

Open redirect is a type of security vulnerability that occurs when a website fails to validate user input, which allows bad actors to manipulate the URLs of domains belonging to legitimate entities (with good reputations) to redirect victims to malicious sites, researchers outlined. The vulnerability is well known & tracked as CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’).

Domain Name

“Since the first domain name in the manipulated link is in fact the original site’s, the link may appear safe to the casual observer,” INKY’s Roger Kay explained in the post.

An example of the malicious redirect domain is: http[://]safe[.]com/redirect?[url=http:]//malicious[.]com. The trusted domain, then—in this case, American Express or Snapchat—is used as a temporary landing page before the victim of the campaign is redirected to a malicious site.
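The missing input validation behind CWE-601, shown as an added example that is not code from INKY, American Express or Snapchat: a redirect handler that trusts its `url` parameter beside one that only accepts same-site paths or allowlisted hosts. The host names, the allowlist and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts this site may redirect to (constructed placeholder names).
ALLOWED_HOSTS = frozenset({"safe.example", "www.safe.example"})
FALLBACK = "/"


def naive_redirect_target(url_param):
    """CWE-601 pattern: the 'url' parameter is trusted and used unchanged."""
    return url_param


def safe_redirect_target(url_param, allowed_hosts=ALLOWED_HOSTS):
    """Return url_param if it stays on an allowed host, otherwise FALLBACK."""
    if not url_param:
        return FALLBACK
    # Browsers drop tabs/newlines and read "\" as "/", so reject whitespace,
    # control characters and backslashes rather than trying to normalise them.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F or c == "\\" for c in url_param):
        return FALLBACK
    try:
        parts = urlsplit(url_param)
    except ValueError:  # e.g. malformed IPv6 literal
        return FALLBACK
    if not parts.scheme and not parts.netloc:
        # Same-site path: exactly one leading "/" ("//host" is scheme-relative).
        ok = url_param.startswith("/") and not url_param.startswith("//")
        return url_param if ok else FALLBACK
    if parts.scheme not in ("http", "https"):
        return FALLBACK
    # .hostname excludes userinfo and port, so "safe.example@other" fails here.
    host = (parts.hostname or "").lower()
    return url_param if host in allowed_hosts else FALLBACK


if __name__ == "__main__":
    # Constructed sample values for the 'url' query parameter.
    for candidate in (
        "/account/settings",
        "https://www.safe.example/offers?id=1",
        "http://malicious.example/login",
        "//malicious.example/login",
        "https://safe.example@malicious.example/",
        "https://safe.example.malicious.example/",
    ):
        print(f"{candidate!r:45} -> {safe_redirect_target(candidate)!r}")
```

Comparing the parsed host against an exact allowlist, instead of checking whether the string starts with or contains the trusted name, is what rejects the look-alike cases in the sample list.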

Phishing E-Mails

During the 2 & a-half-month period over which the campaigns were observed, researchers detected the snapchat[.]com open redirect vulnerability in 6,812 phishing emails originating from various
