Early this year, phishing campaigns aimed at Microsoft 365 users exploited open redirect vulnerabilities affecting the American Express and Snapchat websites, according to email security firm Inky.
Open redirect flaws exist because the impacted website does not validate user input. This lets threat actors manipulate URLs to send users to malicious sites. Because the manipulated link carries a reliable domain name, the user might believe it is safe. The trusted domain, however, serves only as a landing page.
Inky noticed about 7,000 phishing emails that came from various hijacked accounts and tried to take advantage of the open redirect in snapchat[.]com between mid-May and late July.
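The missing input validation described above can be sketched as a server-side check on the redirect destination. This is an added example, not code from Inky, American Express or Snapchat; the function name, the allowlisted hosts and the sample URLs are hypothetical and constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist for an example site (assumption, not from the article).
ALLOWED_HOSTS = frozenset({"www.example.com", "accounts.example.com"})
FALLBACK = "/"  # where to send the user when the requested target is rejected


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS):
    """Return `target` if it is safe to redirect to, otherwise FALLBACK.

    Accepted: same-site paths ("/account") and https URLs whose host is
    on the allowlist. Everything else is replaced by FALLBACK.
    """
    if not target:
        return FALLBACK
    # Browsers normalise backslashes to slashes and drop control characters,
    # so "/\host" or "/\t/host" can turn into a cross-site "//host".
    if any(c == "\\" or ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return FALLBACK
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed authority, e.g. an unclosed "[" in the host
        return FALLBACK

    if not parts.scheme and not parts.netloc:
        # Relative reference: allow only a single-slash absolute path.
        # "//host" and "///host" are treated as cross-site by browsers.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return FALLBACK

    if parts.scheme != "https":
        return FALLBACK  # rejects http:, javascript:, data: and "//host"
    if parts.username is not None or parts.password is not None:
        return FALLBACK  # "https://trusted@other-host/" style confusion
    host = (parts.hostname or "").lower()
    # Exact match only: a suffix or substring test would accept
    # "www.example.com.other-host.test".
    return target if host in allowed_hosts else FALLBACK
```

A redirect handler would pass the user-supplied destination through this function before issuing the HTTP redirect, so a link on the trusted domain can no longer forward to an arbitrary site.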