Security News > 2023 > January > Fake OnlyFans dating sites abuse UK Environment Agency open redirect
Threat actors abused an open redirect on the official website of the United Kingdom's Department for Environment, Food & Rural Affairs to direct visitors to fake OnlyFans adult dating sites.
As part of this malicious campaign, threat actors abused an open redirect at that looked like a legitimate U.K. government link but redirected visitors to the fake OnlyFans dating site.
"On Tuesday afternoon, one of my colleagues Adam Bromiley noticed an open redirect on the UK's Environment Agency web site. It popped up during a Google search whilst he was looking for SoC datasheets!," explained the report by Pen Test Partners.
These fake OnlyFans sites prompt the user to answer a series of questions regarding the type of "Date" they are looking for and ultimately redirect them once again to adult "Cheating" sites.
The abuse of government open redirect sites to push adult phishing sites is not new.
Another malicious campaign that year abused an open redirect on HHS.gov to redirect visitors to COVID-19 phishing sites that spread malware.