american express, amex, docusign, fedex, microsoft 365, open redirect, phishing, snapchat, microsoft

Attackers abused open redirects on the websites of Snapchat and American Express in a series of phishing attacks to steal Microsoft 365 credentials.

Open redirects are web app weaknesses that allow threat actors to use the domains of trusted organizations and websites as temporary landing pages to simplify phishing attacks.

They’re used in attacks to redirect targets to malicious sites that will either infect them with malware or trick them into handing over sensitive information (e.g., credentials, financial info, personal info).

“Since the first domain name in the manipulated link is in fact the original site’s, the link may appear safe to the casual observer,” email security firm Inky, which observed the attacks, explained.

“The trusted domain (e.g., American Express, Snapchat) acts as a temporary landing page before the surfer is redirected to a malicious site.”

american express, amex, docusign, fedex, microsoft 365, open redirect, phishing, snapchat, microsoft

Phishing email impersonating Microsoft (Inky)

​Abused to target thousands of potential victims

According to Inky researchers, the Snapchat open redirect was used in 6,812 phishing emails sent from Google Workspace and Microsoft 365 hijacked over two and a half months.

These emails impersonated Microsoft, DocuSign, and FedEx and redirected the recipients to landing pages designed to harvest Microsoft credentials.

While the Snapchat vulnerability was reported to the company through the Open Bug Bounty platform one year ago, on August 4, 2021, the open redirect is yet to be patched.

On the other hand, the American Express open redirect was quickly patched after being exploited for a couple of days during late July. New attempts to abuse it now land on an American Express error page.0

american express, amex, docusign, fedex, microsoft 365, open redirect, phishing, snapchat, microsoft

American Express open redirect error page (Inky)

​Before being addressed, the Amex open redirect was used in 2,029 phishing emails using Microsoft Office 365 baits, sent from recently registered domains and designed to funnel potential victims to Microsoft credential harvesting sites.

“In both the Snapchat and the American Express exploits, the black hats inserted personally identifiable information (PII) into the URL so that the malicious landing pages could be customized on the fly for the individual victims,” Inky explained.

“And in both, this insertion was disguised by converting it to Base 64 to make it look like a bunch of random characters.”

To defend against such attacks, Inky advised email recipients to check for “url=,” “redirect=,” “external-link,” or “proxy” strings or multiple occurrences of “HTTP” in URLs embedded in emails likely showing an indication of redirection.

Website owners are also recommended to implement external redirection disclaimers that request users to click before being redirected to external sites.

TECH NEWS RELATED

How to Fix “VT-X Is Not Available (verr_vmx-No-Vmx)” Error in VirtualBox

VT-x or Intel Virtualization Technology allows processors to run virtual machines. It’s no surprise, then, that a “VT-x is not available (VERR_VMX_NO_VMX)” error prevents VirtualBox from functioning correctly. This error indicates that your processor doesn’t have virtualization enabled. This could be due to many reasons, from a security precaution to ...

View more: How to Fix “VT-X Is Not Available (verr_vmx-No-Vmx)” Error in VirtualBox

How to check AMD chipset driver version on Windows 11/10

Every PC contains Chipset drivers for the components to function correctly. You cannot use a PC without Chipset drivers as they instruct your operating system to communicate with your motherboard and its subsystems. If you are running AMD Chipset drivers, this guide will help you to check the AMD chipset ...

View more: How to check AMD chipset driver version on Windows 11/10

Download Realtek HD Audio Drivers for Windows (Latest Version)

If you are a Windows user, you may know about RealTek. Realtek is a tech company with many bits and pieces of hardware built into many of today’s PCs and Laptops. Of all things, Realtek is known for its High definition audio driver. What is Realtek High Definition Audio ...

View more: Download Realtek HD Audio Drivers for Windows (Latest Version)

Microsoft Flight Simulator Pilatus PC-21, SeaRey Elite, & Stockholm Arlanda Airport Get New Screenshots & Trailer; Shannon Released

Microsoft Flight Simulator developers keep releasing new assets and add-ons for the popular sim, and today is no exception. We take a new and extensive look at the Pilatus PC-21 trainer by Iris Simulations, with both new screenshots and a trailer. The aircraft is said to be releasing “soon.” Image ...

View more: Microsoft Flight Simulator Pilatus PC-21, SeaRey Elite, & Stockholm Arlanda Airport Get New Screenshots & Trailer; Shannon Released

More Super Mario Movie Jakks Pacific Toy Listings Surface On Amazon

Toad, Mario, Luigi and Bowser figures

View more: More Super Mario Movie Jakks Pacific Toy Listings Surface On Amazon

Numerous orgs hacked after installing weaponized open source apps

PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording all targeted.

View more: Numerous orgs hacked after installing weaponized open source apps

The storm riders: Covid entrepreneurs hope to scale up as pandemic subsides

ETtechWhen Covid-19 saw people scrambling to their homes, vehicles coming to a halt and businesses and offices shutting down, there were some who found light-bulb moments in the once-in-a-century chaos. They founded businesses right in the middle of the pandemic. Like Delhi-based Arham Partap Jain, 31, who saw trucks lying ...

View more: The storm riders: Covid entrepreneurs hope to scale up as pandemic subsides

Slow Mouse Response in Windows 10: How to Fix?

Dealing with a slow mouse can be frustrating, especially if you are under pressure to get work done in a short time frame. You can find below the steps to Fix Slow Mouse Response in Windows 10. Slow Mouse Response in Windows 10 The issue of Slow Mouse Response on ...

View more: Slow Mouse Response in Windows 10: How to Fix?

4 Best Alternatives of Google Stadia

Steam Restart required says Elden Ring [Fixed]

15 years later, Distant Worlds still delivers the passion behind Final Fantasy's iconic music

How to Enable “Stereo Mix” in Windows and Record Audio from Your PC

What to know about Windows 11 before upgrading

Spotify Is Installing Itself on Some Windows PCs

How to Remove Dotted Lines in Microsoft Excel

13 Fixes: Steam Stuck On Preparing To Launch

8 Ways To Enable Or Disable Print Spooler Service

How to Downgrade Windows 11 to 10

5 Ways to Fix “Preparing To Configure Windows” 

The Game Awards 2022 tickets go on sale in November

OTHER TECH NEWS

Top Car News Car News