Legitimate sales and marketing campaigns often rely on open redirects to track click rates and lead customers to a particular landing page.
“However, attackers could abuse open redirects to link to a URL in a trusted domain and embed the eventual final malicious URL as a parameter. Such abuse may prevent users and security solutions from quickly recognizing possible malicious intent,” warn the researchers.
- Here’s our list of the best password managers
- We’ve also rounded up the best security keys
- Shield yourself with these best identity theft protection services
While the abuse of open redirects isn’t a novel approach, the attackers in the current campaign combine these links with social engineering tricks by impersonating popular tools and services to trick users to click the fake links.
Hook, line, and sinker
Unraveling the details of the campaign, the researchers say that the links lead to not one, but several redirects, and even throw a Captcha verification page, in a bid to fool users into thinking that the page is above-board.
Once the users answer the Captcha, the attackers take them to the fake sign-in page of a legitimate service.
The researchers suggest that phishing attacks make use of open redirects because a casual inspection of the URL from inside an email client will display a trustworthy domain name, encouraging users to click the link.
“Likewise, traditional email gateway solutions may inadvertently allow emails from this campaign to pass through because their settings have been trained to recognize the primary URL without necessarily checking the malicious parameters hiding in plain sight,” reason the researchers.
Another aspect of the campaign that shows the commitment of the threat actors behind it, is that it relies on a huge number of domains, at least 350 unique ones, which is another attempt at evading detection.
- These are the best data loss prevention services