Researchers from Menlo Security have identified a new phishing campaign targeting 65 key executive directors of organizations in the United States that use Microsoft accounts. The cybercriminals behind the campaign are taking advantage of open redirections (Open Redirect) from the popular job search site Indeed.
The attackers are utilizing a phishing tool called EvilProxy, which is capable of collecting session cookies. With access to session cookies, the attackers can bypass various authentication mechanisms, including Multi-Factor Authentication (MFA).
According to Menlo Security, the primary target of this phishing campaign is executive directors and senior staff members from various industries, including electronics manufacturing, banking and finance, real estate, insurance, and property management.
Open redirection (Open Redirect) is a type of vulnerability where a web application allows users to be redirected to arbitrary external websites.
In its early stages, URLs were intended to indicate the location of different files on the internet. However, over time, they have come to represent the addresses of all resources, regardless of their type.