Researchers from the cybersecurity firm Menlo Security reported that threat actors exploited an open redirection vulnerability in the job search platform Indeed in phishing attacks.
The phishing attacks were aimed at senior executives across various industries, primarily in the Banking, Financial, Insurance, Property Management and Real Estate, and Manufacturing sectors.
The campaign was observed between July and August, and the threat actors used the phishing kit ‘EvilProxy’. EvilProxy actors use reverse proxy and cookie injection methods to bypass 2FA by proxying the victim’s session.
The attackers exploited the open redirection vulnerability on “indeed.com” to redirect victims to phishing pages impersonating Microsoft.
The fake Microsoft Online login page is deployed with the EvilProxy framework, which fetches all the content dynamically from the legitimate login site.
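
A defender-side check for the open-redirect abuse described above, as an added example that is not taken from Menlo Security's report: it flags links whose query string carries a destination on a different site than the link's own host, including double-encoded and scheme-relative values. The hostnames and parameter names are constructed placeholders, and comparing the last two DNS labels is a simplifying assumption standing in for the Public Suffix List.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

def _host(url):
    """Hostname of an absolute or scheme-relative http(s) URL, else None."""
    if url.startswith("//"):          # scheme-relative: browser reuses the page scheme
        url = "https:" + url
    try:
        parts = urlsplit(url)
    except ValueError:                # malformed input such as a broken IPv6 literal
        return None
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower()

def _site(host):
    # Assumption: last two labels approximate the registrable domain.
    return ".".join(host.split(".")[-2:])

def external_redirect_targets(link, extra_decodes=2):
    """Return (parameter, host) pairs where a query value points off-site."""
    link_host = _host(link)
    if link_host is None:
        return []
    findings = []
    for name, value in parse_qsl(urlsplit(link).query, keep_blank_values=True):
        candidate = value.strip()     # parse_qsl has already decoded once
        for _ in range(extra_decodes + 1):
            target = _host(candidate)
            if target and _site(target) != _site(link_host):
                findings.append((name, target))
                break
            decoded = unquote(candidate)
            if decoded == candidate:  # nothing left to decode
                break
            candidate = decoded
    return findings

# Constructed sample links, as they might appear in a mail or proxy log.
SAMPLES = [
    "https://jobs.example.com/r?id=42&target=https%3A%2F%2Flogin.example.net%2Fauth",
    "https://jobs.example.com/r?target=https%253A%252F%252Flogin.example.net%252F",
    "https://jobs.example.com/r?next=%2F%2Flogin.example.net%2Fauth",
    "https://jobs.example.com/r?next=https%3A%2F%2Fwww.example.com%2Fhome",
    "https://jobs.example.com/r?next=%2Fdashboard",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(external_redirect_targets(link), link)
```

A hit means only that the link can carry the reader to another site; whether the destination is malicious still has to be decided by reputation or sandboxing.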