Microsoft warns of widespread open redirection phishing attack – which Defender can block, coincidentally
Microsoft has warned that it has been tracking a widespread credential-phishing campaign that relies on open redirector links, while simultaneously suggesting it can defend against such schemes.
Microsoft says that open redirects have legitimate uses, pointing to the way sales and marketing campaigns rely on them to lead customers to specific landing pages and to gather web metrics.
To further convey the illusion of safety and legitimacy, the redirection takes the victim to a Google reCAPTCHA page, which Microsoft theorizes also serves to frustrate dynamic scanning and content checking of the phishing page at the end of the redirection.
The scam site loads with the target's email address - passed to the phishing page as a parameter in the phishing URL - and often with corporate logos or other branding to make the login page look more like it's implementing common single sign-on behavior.
Microsoft says it has detected at least 350 unique phishing domains involved in this campaign.
The scheme appears to have the potential to go far beyond that - the redirection URLs come from a domain-generation algorithm that creates phishing domains on the fly, as needed.
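A defender-side heuristic for the link shape described above, as an added example (not code from Microsoft or The Register): it reports when a query parameter carries an absolute URL on a different host and whether an email address rides along in the link. The function names, the `suspicious` rule and the sample URLs (all on placeholder `example.*` hosts) are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def _host_of(value):
    """Return the hostname if value is an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None

def inspect_link(url, max_depth=3):
    """Describe redirect-style traits of one URL (a signal, not a verdict)."""
    outer_host = _host_of(url) or ""
    query = urlsplit(url).query if outer_host else ""
    targets = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decoded once; peel further layers of percent-encoding.
        for _ in range(max_depth):
            host = _host_of(value)
            if host:
                if host != outer_host:
                    targets.append((name, host))
                break
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
    flat = url
    for _ in range(max_depth):
        flat = unquote(flat)
    has_email = bool(EMAIL_RE.search(flat))
    # Redirects alone are common in marketing mail, so require both traits.
    return {"host": outer_host, "redirect_targets": targets,
            "carries_email": has_email,
            "suspicious": bool(targets) and has_email}

# Constructed sample links; every host is a placeholder.
SAMPLES = [
    "https://marketing.example.com/click?url=https%3A%2F%2Flogin.example.net%2Fsso%3Fe%3Dalice%40corp.example",
    "https://marketing.example.com/click?url=https%3A%2F%2Fmarketing.example.com%2Flanding",
    "https://shop.example.org/r?to=https%3A%2F%2Fpartner.example.net%2Fpromo&utm_source=mail",
    "https://t.example.com/go?u=https%253A%252F%252Flogin.example.net%252F%253Fe%253Dbob%2540corp.example",
]
```
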
News URL
https://go.theregister.com/feed/www.theregister.com/2021/08/27/microsoft_phishing_defender/