Hackers Exploit Trusted Platform Redirect Flaws To Launch Phishing Attacks

Attackers abuse trustworthy platforms for redirection, which involves the use of legitimate websites to redirect users to harmful URL destinations.

In the ever-evolving world of cyber threats, phishing attempts are becoming more frequent, with email being one of the primary targets. Experts have observed a marked increase in phishing attempts that take advantage of open redirect vulnerabilities.

The main purpose is to evade detection mechanisms and exploit user confidence by leveraging the trusted platform’s reputation and by using techniques that hinder anti-phishing analysis, such as intricate redirection chains.

What is Open URL Redirection Vulnerability?

A web application receives user-controlled input that provides a link to an external site, which is then used in a redirect. This makes phishing attempts easier.

According to the SpiderLabs team at Trustwave, this kind of web application vulnerability arises when users can be directed to untrusted websites by using input that hasn’t been verified, which could take them to websites run by attackers, including phishing sites.

An open redirect in a deceptive email campaign

“Attackers are increasingly probing and testing links on trusted platforms that are vulnerable to open redirection. They manipulate URL parameters to redirect users to malicious sites, embedding these links in phishing emails. This enables them to launch phishing attacks and steal user credentials”, the SpiderLabs team shared with Cyber Security News.

Email Phishing Attempts

In one case, attackers use the base URL “hxxps[://]www[.]intelliclicktracking[.]net/,” which belongs to IntelliClick, an established provider of email and website marketing solutions. Threat actors abuse this domain to launch phishing attacks through open redirects, even though it is a legitimate service.

Legitimate Email abused by attackers

The abused link carries a URL parameter that points to a malicious IPFS site and includes a fragment of an email address. InterPlanetary File System, or IPFS, is a distributed, peer-to-peer file-sharing system that is being used more frequently in phishing attacks.

The exploited URL’s redirection chain is shown, leading to the appended IPFS URL that hosts a fake login form imitating Webmail.

Redirection chain for the exploited URL
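
The link structure in this case (a trusted tracking domain whose URL parameter points off-site to an IPFS-hosted page) can be checked for when links are extracted from inbound mail. The following Python is an added example, not code from Trustwave or from this article; the function name, the IPFS markers and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# Heuristic markers for IPFS gateway URLs (path-style and subdomain-style).
IPFS_HINTS = ("/ipfs/", ".ipfs.")

def embedded_redirects(link):
    """Return (param, target_host, looks_like_ipfs) for every query parameter
    whose value is an absolute http(s) URL on a host other than the link's own."""
    try:
        outer = urlsplit(link)
        outer_host = (outer.hostname or "").lower()
    except ValueError:                      # malformed URL, nothing to inspect
        return []
    findings = []
    for name, value in parse_qsl(outer.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded targets.
        candidate = unquote(value).strip()
        if candidate.startswith("//"):      # scheme-relative target
            candidate = "https:" + candidate
        try:
            inner = urlsplit(candidate)
            inner_host = (inner.hostname or "").lower()
        except ValueError:
            continue
        if inner.scheme not in ("http", "https") or not inner_host:
            continue
        if inner_host == outer_host or inner_host.endswith("." + outer_host):
            continue                        # target stays on the same site
        looks_like_ipfs = any(h in candidate.lower() for h in IPFS_HINTS)
        findings.append((name, inner_host, looks_like_ipfs))
    return findings

# Constructed sample links on reserved example domains (not from the campaign).
SAMPLE_LINKS = [
    "https://tracker.example.com/click?id=42&url=https%3A%2F%2Fgateway."
    "example.net%2Fipfs%2FbafyCONSTRUCTED%23user%40victim.example",
    "https://tracker.example.com/click?next=https%3A%2F%2Ftracker.example.com%2Fprefs",
    "https://tracker.example.com/click?next=https%3A%2F%2Fshop.example.org%2Fsale",
    "https://tracker.example.com/c?u=https%253A%252F%252Fx.ipfs.example.net%252F",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(embedded_redirects(link) or "no external redirect target")
```

An off-site target on its own is a weak signal, because click-tracking services redirect to other hosts by design; the IPFS flag or a reputation lookup on the target host is what raises the score.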

Phishing campaigns that use open redirect strategies have become more common as a result of an increase in image-based attacks that pose as Microsoft and e-signature services like Adobe Sign and DocuSign.

Threat actors are taking advantage of the widespread trust associated with Google services by misusing Google domains and incorporating them into phishing efforts to avoid detection.

This underscores the need for constant vigilance, since cyber threats continue to evolve and take new forms.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.