- Aug 17, 2014
Microsoft has been tracking a widespread credential phishing campaign using open redirector links combined with social engineering lures that spoof known productivity tools to trick users. Attackers also use a CAPTCHA verification page to add a sense of legitimacy to the campaign. [...]
"The use of open redirects in email communications is common among organizations for various reasons," the Microsoft 365 Defender Threat Intelligence Team wrote in a blog post. Sales and marketing campaigns use this to bring customers to desired landing pages and track click rates and other metrics.
"However, attackers could abuse open redirects to link to a URL in a trusted domain and embed the eventual final malicious URL as a parameter," officials continued. "Such abuse may prevent users and security solutions from quickly recognizing possible malicious intent."
The campaign abuses open redirector links and includes a CAPTCHA verification page to add a sense of legitimacy to the attack.
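A mail or proxy filter can surface the pattern described in the quote above by checking whether a link's parameters carry a URL on a different host than the link itself. The following is an added example, not code from Microsoft or the original article; the function names and sample domains are constructed for illustration, and it goes slightly beyond the plain case by also handling double-encoded and scheme-relative values.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

MAX_DECODE_ROUNDS = 3  # assumption: peel at most a few layers of percent-encoding

# Constructed sample links (reserved .example domains), not taken from the campaign.
SAMPLE_LINKS = [
    "https://news.trusted.example/click?id=42&url=https%3A%2F%2Flogin.attacker.example%2Fverify",
    "https://news.trusted.example/click?u=https%253A%252F%252Flogin.attacker.example%252F",
    "https://news.trusted.example/click?next=https%3A%2F%2Fnews.trusted.example%2Fhome",
]


def embedded_host(value):
    """Return the host of an absolute http(s) URL carried in a parameter value, else None."""
    for _ in range(MAX_DECODE_ROUNDS):
        candidate = value.strip()
        if candidate.startswith("//"):  # scheme-relative form still leaves the site
            candidate = "https:" + candidate
        try:
            parts = urlsplit(candidate)
        except ValueError:  # malformed value, e.g. unbalanced IPv6 brackets
            return None
        if parts.scheme in ("http", "https") and parts.hostname:
            return parts.hostname  # urlsplit lower-cases the hostname
        decoded = unquote(value)
        if decoded == value:  # nothing left to decode
            return None
        value = decoded
    return None


def find_redirect_targets(link):
    """List (parameter, target_host) pairs where a query or fragment parameter
    of `link` carries a URL on a different host than the link itself."""
    outer = urlsplit(link)
    outer_host = outer.hostname or ""
    findings = []
    for source in (outer.query, outer.fragment):
        for name, value in parse_qsl(source, keep_blank_values=True):
            host = embedded_host(value)  # parse_qsl has already decoded one layer
            if host and host != outer_host:
                findings.append((name, host))
    return findings


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", find_redirect_targets(link))
```

Because legitimate sales and marketing mail uses the same redirect pattern, a match is a signal to resolve and score the embedded host, not a verdict on its own.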