New Phishing Attack: American Express & Snapchat Exploited To Manipulate Victims Using Open Redirects

INKY has released its newest discovery of hackers sending phishing emails that took advantage of open redirect vulnerabilities affecting American Express and Snapchat domains.

In both the Snapchat and the American Express exploits, hackers inserted personally identifiable information (PII) into the URL so that the malicious landing pages are customizable on the fly for the individual victims.   

Phishing emails in the Snapchat open redirect group impersonated DocuSign, FedEx, and Microsoft, which led to Microsoft credential harvesting sites.

You can read the full report here.

Leave a Reply

%d bloggers like this: