Open redirect flaws increasingly exploited by phishers
2023-08-23 09:46

Phishing attacks using open redirect flaws are on the rise again, according to Kroll's Cyber Threat Intelligence team, which means organizations should consider refreshing employees' awareness and knowledge on how to spot them.

Open redirect vulnerabilities in web applications allow threat actors to manipulate legitimate URLs to redirect victims to an external malicious URL. "They occur when a website allows for user-supplied input as part of a URL parameter in a redirect link, without proper validation or sanitization," says George Glass, Kroll's Head of Threat Intelligence.

Shortened URLs in phishing emails and direct messages usually point to malicious pages.

By leveraging phishing kits to create seemingly legitimate sites and take advantage of open redirect vulnerabilities, phishers are able to successfully trick victims into clicking URLs embedded within phishing emails.

While the campaigns Kroll observed used email as the attack vector, the open redirect technique can be used to deliver legitimate-looking links via social media, forum posts, text/IM messages or enterprise tools - and users are less likely to be wary of those.

Organizations should implement email security tools that can detect and block open redirect links in emails, Glass says.
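One way a mail filter can flag such links, as an added example that is not from Kroll or the original article: the Python heuristic below reports any query parameter whose value, after decoding, is an absolute or scheme-relative URL on a different host than the link itself. The function names and sample URLs are constructed for illustration, and the same-site check is a suffix comparison, an assumption that stands in for a Public Suffix List lookup.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

def _host(value):
    """Return the lowercase host if value is an absolute or scheme-relative URL."""
    value = value.strip()
    if value.startswith("//"):            # scheme-relative: //other.example/path
        value = "https:" + value
    try:
        parts = urlsplit(value)
    except ValueError:                    # e.g. malformed IPv6 literal
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None

def _same_site(a, b):
    """Simplification: same host, or one host is a subdomain of the other."""
    return a == b or b.endswith("." + a) or a.endswith("." + b)

def find_redirect_params(url):
    """Return (param, target_host) pairs where a query value points off-site."""
    try:
        outer = urlsplit(url)
    except ValueError:
        return []
    outer_host = (outer.hostname or "").lower()
    hits = []
    for name, value in parse_qsl(outer.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded targets
        for candidate in (value, unquote(value)):
            target = _host(candidate)
            if target and not _same_site(outer_host, target):
                hits.append((name, target))
                break
    return hits

# Constructed sample links (reserved example domains), not taken from any campaign
SAMPLES = [
    "https://shop.example.com/login?next=https%3A%2F%2Fphish.example.net%2Fsignin",
    "https://shop.example.com/r?url=https%253A%252F%252Fphish.example.net",
    "https://shop.example.com/go?to=//phish.example.net/x",
    "https://shop.example.com/login?next=%2Faccount",
    "https://shop.example.com/out?u=https://cdn.shop.example.com/a.png",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", find_redirect_params(link) or "no off-site target")
```

Redirect parameters also appear in legitimate tracking and single sign-on links, so a hit is better used as one scoring signal than as an automatic block.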


News URL

https://www.helpnetsecurity.com/2023/08/23/open-redirect-phishing/