Security News > 2023 > October > New EvilProxy Phishing Attack Uses Indeed.com Redirector to Target US Executives

Microsoft, the Dark Web and the name John Malkovich all factor into this EvilProxy phishing attack.
A new EvilProxy phishing attack is leveraging an open redirection flaw from the legitimate Indeed.com job search site, according to a report from Menlo Security, a cloud-based security company.
Menlo Security notes this phishing attack campaign targets C-suite employees and other key executives at U.S.-based organizations primarily in manufacturing, insurance, banking and financial services, property management and real estate.
How this new phishing campaign abuses Indeed.com redirector.
This new EvilProxy attack starts with a phishing email sent to targets.
An HTTP POST request contains the victim's base64-encoded email address and a session identifier, which is also typical of the EvilProxy phishing kit.
News URL
https://www.techrepublic.com/article/new-evilproxy-phishing-attack-targets-executives/
Related news
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks (source)
- US cities warn of wave of unpaid parking phishing texts (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- iOS devices face twice the phishing attacks of Android (source)
- China names alleged US snoops over Asian Winter Games attacks (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- Three Reasons Why the Browser is Best for Stopping Phishing Attacks (source)