Recent research exposed a phishing campaign targeting top U.S. executives' Microsoft 365 accounts, exploiting open redirects on Indeed's job website.
To bypass multi-factor authentication (MFA) mechanisms, the threat actor uses the EvilProxy phishing service, which can collect session cookies.
This phishing campaign targets executives and high-ranking employees across various sectors, including electronic manufacturing, banking and finance, real estate, insurance, and property management.
In a redirect, visitors are automatically sent to another website, typically a third-party one. An open redirect is a weakness in a website's code that allows anyone to craft redirections to arbitrary locations, which threat actors use to send visitors to phishing sites.
Because the link comes from a trusted party, it can bypass email security measures or be promoted on search results without raising suspicion. Menlo Security discovered that threat actors exploited an open redirect on indeed.com, the American job listings website.
The targets appear to receive emails containing a legitimate-looking indeed.com link. When the URL is accessed, it redirects the user to a phishing site that acts as a reverse proxy for the Microsoft login page.
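A mail-filter heuristic for the pattern described above, as an added example that is not from the original article or from Menlo Security's research: it flags a link whose query string carries a URL pointing at a host unrelated to the link's own host, including double-encoded values. The hosts and the parameter name `target` are constructed placeholders, not the parameter used on indeed.com.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample links; hosts and parameter names are placeholders.
SAMPLE_LINKS = [
    "https://jobs.example/redir?target=https%3A%2F%2Flogin.phish.example%2Fo365&src=mail",
    "https://jobs.example/redir?target=https%253A%252F%252Flogin.phish.example%252F",
    "https://jobs.example/redir?target=https%3A%2F%2Fwww.jobs.example%2Fapply",
    "https://jobs.example/redir?target=%2Fapply%2F123",
]

def _host(url):
    """Hostname of an absolute or protocol-relative http(s) URL, else None."""
    if url.startswith("//"):
        url = "https:" + url
    try:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            return None
        return parts.hostname
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return None

def _same_site(a, b):
    """Simplified check: equal hosts or one is a subdomain of the other.
    A production filter would compare registrable domains instead."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def embedded_redirects(link, extra_decodes=2):
    """Return (parameter, target_host) pairs for query parameters that carry
    a URL pointing at a host unrelated to the host of `link` itself."""
    outer = _host(link)
    if outer is None:
        return []
    findings = []
    for name, value in parse_qsl(urlsplit(link).query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double encoding.
        for _ in range(extra_decodes + 1):
            inner = _host(value.strip())
            if inner and not _same_site(inner, outer):
                findings.append((name, inner))
                break
            value = unquote(value)
    return findings

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(embedded_redirects(link) or "no cross-site redirect target", "<-", link)
```

A hit is a reason to detonate or rewrite the link rather than proof of phishing, since many sites use cross-site redirect parameters for legitimate tracking.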
EvilProxy is a phishing-as-a-service platform that uses reverse proxies to relay communication and user information between the target and the genuine online service, in this case Microsoft. When a user accesses their account through this phishing server, which mimics the authentic login page, the threat actor can capture the user's authentication cookies.
Because the user has already completed the MFA steps during login, the acquired cookies give the cybercriminals full access to the victim's account.
Unfortunately, the utilization of reverse proxy kits for phishing is on the rise, and when combined with open redirects, it amplifies the effectiveness of a campaign.