Unprotected Snapchat and Amex sites lead to credential harvesting

Open-redirect vulnerabilities in American Express and Snapchat websites are being exploited to carry out phishing scams, researchers have revealed.

Scammers are exploiting open-redirect vulnerabilities in a new phishing campaign targeting Microsoft 365 and Google Workspace users. The vulnerabilities mainly affect American Express and Snapchat domains.

Open redirect is a security vulnerability. It occurs when a website fails to validate user-supplied input, which allows threat actors to manipulate the URLs of reputable domains and redirect victims to malicious pages.

Phishing Emails Using Open-Redirect Vulnerabilities

According to a report from INKY, automated URL redirects used by Snapchat and American Express to attract users to their websites have been hijacked to steal credentials.

Attackers send phishing emails that include PII (personally identifiable information) in the URL so that the malicious landing page can be customized quickly, and they disguise the PII by encoding it in Base64.

As a result, the information appears as a sequence of random-looking characters. INKY’s report further revealed that its researchers observed threat actors hijacking unpatched redirect vulnerabilities on Snapchat and American Express domains between May and July.

What Makes the Attack Effective?

A trusted domain such as Snapchat’s serves as a temporary landing page, after which the visitor is redirected to a malicious URL. The trusted site’s domain is the first part of the altered link, so the link appears safe to unsuspecting users. Because legitimate URLs belonging to trusted brands are used in the scam, the attack is effective.

“For example, where “safe.com” is taken to represent an authentic domain and “malicious.com” – a credential-harvesting website, cybercriminals will insert safe.com/redirect?url=malicious.com to redirect victims to fake versions of Microsoft, FedEx, and DocuSign login sites that then siphon off their email and password details.”

INKY
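The pattern described in the quote above (a trusted host forwarding to an attacker-controlled one) and in the earlier paragraph on Base64-encoded PII can be checked for in email-security tooling. The following Python script is an added example, not INKY’s code or anything from the original report: it flags redirect parameters on a trusted domain that point elsewhere and decodes Base64 tokens in the URL or its redirect target to reveal a hidden address. The domains safe.example and malicious.example, the parameter-name list and the sample URL are constructed for this example.

```python
import base64
import re
from urllib.parse import urlparse, parse_qs

# Parameter names that commonly carry a redirect destination (constructed, not exhaustive).
REDIRECT_PARAMS = {"url", "redirect", "redirect_url", "next", "return", "u"}
EMAIL_RE = re.compile(rb"[\w.+-]+@[\w-]+\.[\w.-]+")

def _as_absolute(value: str) -> str:
    # Normalise so urlparse() exposes the hostname for scheme-relative and bare-host forms.
    if value.startswith("//"):
        return "https:" + value
    if "://" not in value:          # e.g. safe.com/redirect?url=malicious.com
        return "https://" + value
    return value

def external_redirects(url: str, trusted_hosts: set) -> list:
    """Redirect parameter values whose host is not in trusted_hosts (exact match)."""
    hits = []
    for name, values in parse_qs(urlparse(url).query).items():
        if name.lower() in REDIRECT_PARAMS:
            for value in values:
                host = urlparse(_as_absolute(value)).hostname
                if host and host.lower() not in trusted_hosts:
                    hits.append(value)
    return hits

def _maybe_base64(token: str):
    """Decode token if it looks like (URL-safe) Base64, else None."""
    if len(token) < 8 or not re.fullmatch(r"[A-Za-z0-9+/_=-]+", token):
        return None
    try:
        return base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    except ValueError:
        return None

def embedded_emails(url: str, trusted_hosts: set) -> list:
    """Email addresses hidden as Base64 in the URL or in its external redirect targets."""
    tokens, found = [], []
    for candidate in [url] + [_as_absolute(v) for v in external_redirects(url, trusted_hosts)]:
        parsed = urlparse(candidate)
        tokens += [seg for seg in parsed.path.split("/") if seg]
        tokens += [v for values in parse_qs(parsed.query).values() for v in values]
    for raw in filter(None, map(_maybe_base64, tokens)):
        found += [m.decode("ascii", "ignore") for m in EMAIL_RE.findall(raw)]
    return found

# Constructed sample: trusted-looking domain, external target, Base64-encoded victim address.
TRUSTED = {"safe.example"}
SAMPLE_URL = "https://safe.example/redirect?url=https://malicious.example/login?e=dmljdGltQGV4YW1wbGUuY29t"  # victim@example.com
```

The host check is an exact match on purpose: a relative path such as `/account` or a target on the trusted host passes, while a bare host, a scheme-relative `//evil.example` or a userinfo trick like `safe.example@evil.example` is flagged.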

In the Snapchat group, the phishing emails used DocuSign, Microsoft, and FedEx lures to steal Microsoft credentials.

Image: INKY

INKY engineers identified over 6,800 phishing emails abusing the Snapchat open-redirect vulnerability during the past two months. By comparison, the American Express open-redirect vulnerability was seen in over 2,000 phishing emails in just two days in July.

Reportedly, American Express has patched its vulnerability, but Snapchat has not patched its own even though a year has passed since the company was notified of the issue by Open Bug Bounty.
