Cyber Criminals Attacked in a Phishing Campaign!

All of us know that cybercriminals are always hunting for confidential data they can use against innocent people for monetary gain. Incidents happen day after day, and even a small data breach can cause you serious concern.

Sometimes the attacker never contacts you directly, yet the attack is already in motion and can turn the tables on you. How is it possible to be the target when the attackers are only targeting you indirectly?

False accusations may fall on the innocent, while the criminal who raided the innocent party's network hides somewhere dark, laughing at the situation. Let's look at the latest attack, which involved many notable brands and companies.

Snapchat and Amex Websites Became Part of a Phishing Attack

Attackers have exploited open redirects on sites such as Snapchat and Amex as part of a phishing campaign. This isn’t the first time something like this has happened. But what is an open redirect, and how does it help attackers?

Open Redirect

An open redirect occurs when a site lets any unknown user specify an arbitrary redirect URL. This gives that user control over where the site sends its traffic.

Process of Phishing Attack

The attack was similar to other email attacks seen in the past, though it differed in some respects. Let’s see how it happened.

  • Between May and July, adversaries were observed sending phishing emails that abused open redirects on the Amex and Snapchat websites.
  • The domain in the link looks like a usual landing page, but it serves only temporarily: the landing page sends victims on to the malicious sites.
  • To individualize the attack for every target, attackers put personally identifiable information (PII) into the URL so the malicious sites could be easily customized for the intended victim.
  • Researchers at INKY found the snapchat[.]com open redirect bug in 6,812 phishing emails and the americanexpress[.]com bug in 2,029 phishing emails.
  • The Snapchat-related phishing emails were disguised as messages from Microsoft, DocuSign, and FedEx, so catching them red-handed wasn’t possible. These open redirects led the victims to Microsoft credential harvesting pages.
  • In the earlier phases of the campaign, the compromised Amex link went to Microsoft credential harvesting pages. However, Amex observed that and patched the flaw in time, so the situation did not get worse.

More in the Case

  • When the case was investigated properly, the team found a phishing kit that adversaries were using to carry out these attacks.
  • LogoKit was used in attacks against customers of big names such as GoDaddy, Bank of America, and Virgin Fly. Several financial institutions and international online services were also affected.
  • In July, LogoKit was used in a campaign against O365 users in the U.S. and Latin America.

Is it necessary?

Website owners don’t pay much attention to open redirects because these don’t let attackers breach data from their own sites. For users, however, the risk of losing data, credentials, and above all money always exists.

Due to a lack of knowledge, victims assume they were directed to a safe site instead of checking the genuineness of the link they tapped. That site could be one of the malicious credential harvesting sites. So it is definitely necessary to be alert to such links, which you might encounter someday.

Results and Advice

People click on several links a day, so they should examine URLs for strings such as “url=”, “redirect=”, “external-link”, or “proxy”. These strings show that a trusted domain could redirect to another site that may be malicious.

Domain owners can reduce such exploitation by not implementing redirection in the site architecture. If you want to protect yourself from such attackers, learn how to fight phishing attacks and recognize such links.
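
One way to automate this link check, as an added example that is not part of the original article or of INKY's tooling: the function flags a link when a query parameter carries a URL pointing to a different host than the one shown in the link. The function names and sample links (example.com, example.net) are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Indicator strings named in the article.
INDICATORS = ("url=", "redirect=", "external-link", "proxy")


def _host(value):
    """Return the lowercase host if value is an absolute or scheme-relative URL."""
    value = unquote(value).strip()        # also handles double-encoded values
    if value.startswith("//"):            # scheme-relative form: //host/path
        value = "https:" + value
    parts = urlsplit(value)
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None


def check_link(link):
    """Flag a link whose query string forwards to a host other than its own.

    Returns the visible host, the embedded off-site hosts, and the article's
    indicator strings that appear in the link.
    """
    parts = urlsplit(link)
    visible = (parts.hostname or "").lower()
    targets = []
    for _name, value in parse_qsl(parts.query, keep_blank_values=True):
        host = _host(value)
        # The same host, or a subdomain of it, counts as an on-site redirect.
        if host and host != visible and not host.endswith("." + visible):
            targets.append(host)
    hits = [s for s in INDICATORS if s in link.lower()]
    return {"visible_host": visible, "offsite_targets": targets,
            "indicators": hits, "suspicious": bool(targets)}


# Constructed sample links (placeholder domains, not taken from the campaign).
SAMPLES = [
    "https://trusted.example.com/out?url=https%3A%2F%2Flogin.example.net%2Fo365",
    "https://trusted.example.com/out?redirect=//login.example.net/a",
    "https://trusted.example.com/out?url=/account/settings",
    "https://trusted.example.com/news?id=42",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_link(sample))
```

An indicator string alone does not make a link malicious (the third sample is an on-site redirect); the off-site target is what marks it for review.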
