Open Redirect Flaw Snags Amex, Snapchat User Data

Attackers are exploiting a well-known open redirect flaw to phish people’s credentials and personally identifiable information (PII) using American Express and Snapchat domains, researchers have found.

“Since the first domain name in the manipulated link is in fact the original site’s, the link may appear safe to the casual observer,” INKY’s Roger Kay explained in the post. An example of a malicious redirect link is: http[://]safe[.]com/redirect?[url=http:]//malicious[.]com. The trusted domain, then—in this case, American Express or Snapchat—is used as a temporary landing page before the victim of the campaign is redirected to a malicious site.

During the two-and-a-half-month period over which the campaigns were observed, researchers detected the snapchat[.]com open redirect vulnerability in 6,812 phishing emails originating from various hijacked accounts, they said. Meanwhile, over just two days in late July, they observed the americanexpress[.]com open redirect vulnerability in 2,029 phishing emails that originated from newly created domains.

Attack Similarities

Both campaigns started with phishing emails using typical social-engineering tactics to try to trick users into clicking on malicious links or attachments, researchers said. The two campaigns also both used exploits in which attackers inserted PII in the seemingly legitimate URL so that the malicious landing pages could be customized on the fly for the individual victims, they said. “This insertion was…
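The pattern described above, as an added example that is not from the article or from INKY: a mail-side check that flags links whose query parameter carries an absolute URL to a different host (the trusted-domain-first shape of the redirect), and the server-side check a site owner can apply so the redirect endpoint only accepts same-host targets. The hosts trusted.example and malicious.example and the email text are constructed for the demonstration.

```python
"""Open-redirect phishing link detection and the server-side fix (added example)."""
import re
from urllib.parse import parse_qs, urljoin, urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample email body: one redirect-through-trusted-host link
# carrying victim PII in the target, plus one harmless same-site link.
SAMPLE_EMAIL = """(constructed) Your account needs verification. Review it here:
https://trusted.example/redirect?url=https://malicious.example/login?email=victim%40example.test
Unsubscribe: https://trusted.example/settings?tab=email
"""


def external_redirect_targets(link):
    """Return (param, value) pairs where a query value is an absolute http(s)
    URL whose host differs from the link's own host: the open-redirect shape."""
    parsed = urlparse(link)
    hits = []
    for name, values in parse_qs(parsed.query, keep_blank_values=True).items():
        for value in values:
            target = urlparse(value)
            if (target.scheme in ("http", "https") and target.hostname
                    and target.hostname != parsed.hostname):
                hits.append((name, value))
    return hits


def flag_links(email_body):
    """Scan free text for links that bounce off-site through a query parameter."""
    flagged = []
    for link in URL_RE.findall(email_body):
        targets = external_redirect_targets(link)
        if targets:
            flagged.append((link, targets))
    return flagged


def safe_redirect(own_host, candidate, default="/"):
    """Hardened redirect endpoint logic: resolve the candidate against our own
    origin and allow it only if it still lands on our host over http(s).
    Rejects other hosts, scheme-relative '//evil' forms and non-web schemes."""
    resolved = urlparse(urljoin(f"https://{own_host}/", candidate))
    if resolved.scheme not in ("http", "https") or resolved.hostname != own_host:
        return default
    return resolved.geturl()


if __name__ == "__main__":
    for link, targets in flag_links(SAMPLE_EMAIL):
        print("suspicious:", link, "->", targets)
    print(safe_redirect("trusted.example", "//malicious.example/x"))
```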