"Open Redirect Flaws Increasingly Exploited by Phishers"

According to Kroll's Cyber Threat Intelligence (CTI) team, phishing attacks involving the exploitation of open redirect flaws are increasing again. Therefore, organizations should consider retraining their employees on how to spot them. Open redirect vulnerabilities in web applications allow threat actors to manipulate legitimate URLs to redirect victims to a malicious external URL. George Glass, Kroll's Head of Threat Intelligence, explains that they occur when a website accepts user-supplied input as part of a URL parameter in a redirect link without proper validation or sanitization. Targets are likelier to trust the URL because its first part typically consists of a trustworthy, legitimate domain. Once a victim is redirected to a malicious website, threat actors can steal sensitive information, including login credentials, credit card information, and personal data. This article continues to discuss the rise in the use of open redirect flaws among phishers. 

Help Net Security reports "Open Redirect Flaws Increasingly Exploited by Phishers"
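The missing validation described above, sketched as a server-side check. This is an added example, not code from Kroll or Help Net Security; the allowlisted hosts, the fallback path and the function name are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only hosts the site may redirect to.
ALLOWED_HOSTS = frozenset({"portal.example.com", "sso.example.com"})
FALLBACK = "/"  # where to send the user when the target is rejected


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return raw if it is an acceptable redirect target, else fallback."""
    # Reject empty values, whitespace/control characters and backslashes:
    # browsers normalise these in ways a server-side parser may not.
    if not raw or any(ch <= " " or ch in "\\\x7f" for ch in raw):
        return fallback
    try:
        parts = urlsplit(raw)
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed authority, e.g. broken IPv6 literal
        return fallback
    if not parts.scheme and not parts.netloc:
        # Same-site path: must start with exactly one "/".
        ok = raw.startswith("/") and not raw.startswith("//")
        return raw if ok else fallback
    # Absolute URL: https only, no userinfo, exact host match on allowlist.
    if parts.scheme != "https":
        return fallback
    if parts.username is not None or parts.password is not None:
        return fallback
    return raw if host in allowed_hosts else fallback


# Constructed sample values for a redirect parameter (not from the article).
SAMPLES = [
    "/account/settings",                             # same-site path
    "https://portal.example.com/home",               # allowlisted host
    "https://evil.example.net/login",                # external host
    "//evil.example.net/login",                      # protocol-relative
    "https://portal.example.com@evil.example.net/",  # trusted name as userinfo
    "https://portal.example.com.evil.example.net/",  # trusted name as subdomain
    "/\\evil.example.net",                           # backslash trick
    "javascript:alert(1)",                           # non-https scheme
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:50} -> {safe_redirect_target(value)!r}")
```

The host comparison is an exact match against the allowlist rather than a prefix or substring test, which is what defeats the look-alike values in the sample list.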
