Security News > 2021 > August > Microsoft warns of widespread open redirection phishing attack – which Defender can block, coincidentally
Microsoft has warned that it has been tracking a widespread credential-phishing campaign that relies on open redirector links, while simultaneously suggesting it can defend against such schemes.
Microsoft says that open redirects have legitimate uses, pointing to the way sales and marketing campaigns rely on them to lead customers to specific landing pages and to gather web metrics.
To further convey the illusion of safety and legitimacy, the redirection takes the victim to a Google reCAPTCHA page, which Microsoft theorizes also serves to frustrate dynamic scanning and content checking of the phishing page at the end of the redirection.
The scam site loads with the target's email address - passed to the phishing page as a parameter in the phishing URL - and often with corporate logos or other branding to make the login page look more like it's implementing common single sign-on behavior.
Microsoft says it has detected at least 350 unique phishing domains involved in this campaign.
The scheme appears to have the potential to go far beyond that - the redirection URLs come from a domain-generation algorithm that creates phishing domains on the fly, as needed.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/08/27/microsoft_phishing_defender/
Related news
- New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (source)
- CISA warns of Microsoft Streaming bug exploited in malware attacks (source)
- Hackers target FCC, crypto firms in advanced Okta phishing attacks (source)
- Hackers steal Windows NTLM authentication hashes in phishing attacks (source)
- Flipper Zero WiFi phishing attack can unlock and steal Tesla cars (source)
- MiTM phishing attack can let attackers unlock and steal a Tesla (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (source)
- New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S. (source)
- Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (source)