Adobe and Google Open Redirects Abused by Phishing Campaigns

guest · Sep 27, 2019

Adobe and Google Open Redirects Abused by Phishing Campaigns
September 27, 2019
https://www.bleepingcomputer.com/ne...-open-redirects-abused-by-phishing-campaigns/

Google and Adobe open redirects are being used by phishing campaigns in order to add legitimacy to the URLs used in the spam emails.

An open redirect is an URL on a web site that can be used by anyone to redirect users to another site. Unfortunately, many companies, including Google, do not consider an open redirect a security vulnerability and thus do nothing about them.

"Open redirectors take you from a Google URL to another website chosen by whoever constructed the link. Some members of the security community argue that the redirectors aid phishing, because users may be inclined to trust the mouse hover tooltip on a link and then fail to examine the address bar once the navigation takes place. [...]"
It was also discovered recently, that Adobe has an open redirect at the web page https://t-info.mail.adobe.com/r/?id=hc43f43t4a,afd67070,affc7349&p1=example.com, which can be used to redirect users to any site as well.
Click to expand...

Phishing campaigns abusing open redirects
Phishing campaigns commonly utilize open redirects from well known companies as they feel users will be more likely to click on a link if it belongs to Google or Adobe.

For example, below we can see a phishing email that utilizes the open Google redirect. This phishing email states that your Microsoft Office 365 account is overdue and contains a link that will use Google to redirect you to a fake login page.
Click to expand...

guest · May 16, 2020

How scammers abuse Google Search’s open redirect feature
May 15, 2020
https://nakedsecurity.sophos.com/2020/05/15/how-scammers-abuse-google-searchs-open-redirect-feature/

Yesterday morning I got a Skype message from an ex-colleague, somebody I’d not heard from in some time but was happy to reconnect with.
It was clearly a phish, but it caught my eye because it didn’t link to some obviously scummy or incongruous URL. It was a link to Google, and that got me wondering, how does that work?

It reminded me of a very similar Skype message I’d received a few years ago, one that abused an open redirect in Google Maps, and I wondered if there was another.
Click to expand...

In some browsers, like Firefox or Safari, Google search results don’t lead directly to the listed websites. Instead, Google links to itself. When you click on a search result link you’re bounced through another Google URL, which then redirects you to your destination.

Google search results have worked this way for a long time, and I imagine the tactic I’ve described here has been used for almost as long. So why does Google tolerate it? Well, Google (which, whether you like the company or not, takes security very seriously) doesn’t consider open redirects to be a security issue.
It says that “improperly designed redirectors can lead to more serious flaws” and it’s happy to hear about those. So, for example, Google would consider the scam site I ended up at a security threat, but not the subterfuge the scammer used to get me there.
Click to expand...

guest · Aug 12, 2021

Attacks Leveraging Open Redirects on Google Meet, DoubleClick Surge
Phishing operators took advantage of the issue to redirect victims to malicious websites.
August 12, 2021
https://www.darkreading.com/applica...n-google-meet-doubleclick-surged-last-quarter

Phishing attacks taking advantage of what are known as unvalidated redirects on Google Meet and Google DoubleClick platforms increased 85% between this year's first and second quarters, a new analysis of threat data shows.

Most of the attacks were primarily focused on luring users to sites for credential harvesting, payment fraud, and auto-downloads of malware, said security vendor GreatHorn in a report this week.
Click to expand...

According to the Open Web Application Security Project (OWASP) an unvalidated — or open — redirect vulnerability exists when a Web application accepts untrusted input that could cause the Web application to redirect users to another URL. By modifying the URL for these sites — for instance, by adding a link to another destination to the end of the original URL — an attacker can easily redirect users to websites of their choice.

"By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials," OWASP notes. "Because the server name in the modified link is identical to the original site, phishing attempts may have a more trustworthy appearance."
Click to expand...

GreatHorn says its threat intelligence team found attackers simply adding a "link redirect" instruction with a URL to a different destination to the end of Google's legitimate URL for Google Meet — for example:
meet.google.com/linkredirect?authuser=0&dest=some-malicious-site.com.

GreatHorn says the issue with DoubleClick has existed at least since 2008, when Google acquired the advertising technology.
Click to expand...

GreatHorn: Google and Open Redirects: Preventing Your Users from Becoming a Victim of Attacks

Log in or Sign up

Adobe and Google Open Redirects Abused by Phishing Campaigns

guest Guest

guest Guest

guest Guest

Log in or Sign up

Adobe and Google Open Redirects Abused by Phishing Campaigns

guest Guest

guest Guest

guest Guest

Useful Searches