"Phishing Campaign Targeted US Executives Exploiting a Flaw in Indeed Job Search Platform"
"Phishing Campaign Targeted US Executives Exploiting a Flaw in Indeed Job Search Platform"
According to Menlo Security researchers, threat actors have used an open redirection vulnerability contained by the Indeed job search platform to carry out phishing attacks. The phishing attacks targeted senior executives in banking, finance, insurance, real estate, manufacturing, and other industries. The campaign was observed between July and August, with threat actors using the phishing kit known as EvilProxy. EvilProxy actors use Reverse Proxy and Cookie Injection to circumvent two-factor authentication (2FA).