Various phishing campaigns that aim to deceive thousands of victims pose as coming from FedEx and Microsoft accounts, among others.
Researchers have discovered that attackers are using the American Express and Snapchat domains to phish people’s credentials and personally identifiable information (PII) by taking advantage of a well-known open redirect flaw. Researchers from INKY said in an online blog post that they observed two distinct campaigns between mid-May and late July in which threat actors impersonated FedEx, Microsoft, and other brands.
Attackers used redirect flaws that affected the American Express and Snapchat domains; the former was eventually patched, but the latter remains unpatched, according to researchers. The vulnerability, known as CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’), is widely known and tracked.
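For mail-filtering or log review, the pattern behind CWE-601 can be checked mechanically: a link on a trusted domain whose query string carries an absolute URL pointing to a different site. The following Python check is an added example, not code from INKY's post; the `brand.example` and `phish.test` domains, the parameter names and the `trusted_domains` set are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

def _host(url):
    """Hostname of an absolute or scheme-relative http(s) URL, else None."""
    candidate = url.strip().replace("\\", "/")  # browsers treat "\" like "/"
    if candidate.startswith("//"):              # scheme-relative target
        candidate = "https:" + candidate
    try:
        parts = urlsplit(candidate)
    except ValueError:                          # e.g. malformed IPv6 literal
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None

def _in_domains(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def embedded_redirects(link, trusted_domains):
    """Return (parameter, target_host) pairs where a link on a trusted
    domain carries an off-site URL in its query string."""
    outer = _host(link)
    if outer is None or not _in_domains(outer, trusted_domains):
        return []
    findings = []
    for name, value in parse_qsl(urlsplit(link).query, keep_blank_values=True):
        for _ in range(3):                      # peel extra percent-encoding layers
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        target = _host(value)
        if target and not _in_domains(target, trusted_domains):
            findings.append((name, target))
    return findings

# Constructed sample links (not taken from the campaigns described above)
TRUSTED = {"brand.example"}
SAMPLE_LINKS = [
    "https://www.brand.example/login?next=https%3A%2F%2Fphish.test%2Fo365",
    "https://brand.example/r?u=https%253A%252F%252Fphish.test%252F",
    "https://brand.example/r?u=https://help.brand.example/faq",
    "https://brand.example/r?u=/account",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", embedded_redirects(link, TRUSTED))
```

The same host comparison, applied server-side before issuing the redirect, is the usual fix for the flaw itself: reject any target whose host is not on the allowlist.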