HomeWinBuzzer NewsPhishing Campaign Exploiting Indeed.com Redirects Targets Microsoft 365 Users

Phishing Campaign Exploiting Indeed.com Redirects Targets Microsoft 365 Users

A phishing campaign is targeting senior employees in sectors like electronic manufacturing, banking, finance, real estate, insurance, and property management.


In a major security warning, researchers at Menlo Security uncovered a sophisticated phishing campaign that targets executives and high-ranking employees from several industries in the U.S. These individuals are susceptible to attacks that exploit an open redirect vulnerability on job listing website indeed.com. Notable industries affected include electronic manufacturing, banking and finance, real estate, insurance, and property management.

Exploiting Redirects and Trusted Links

The attackers cleverly utilize redirects, widely accepted as legitimate URLs that automatically take visitors to another online location, typically a third-party website. However, have manipulated these open redirects to create redirections to arbitrary locations, which they have used to direct users to a phishing web page.

Indeed's open redirect vulnerability, specifically, is reportedly abused, making the phishing attempt appear more deceptive due to the credibility of the platform. Targets of this attack receive emails that contain links from the job listing site, appearing legitimate enough to not raise any suspicion at first glance. Once accessed, these URLs lead the targeted user straight to a phishing site acting as a reverse proxy for 's login page.

Phishing-as-a-Service and Security Implications

This campaign also showcases an emerging concept – Phishing-as-a-Service. Here, EvilProxy's role comes to light as a phishing platform that uses reverse proxies to facilitate communication and relay user details between the attack victim and a genuine online service such as Microsoft. The user, while believing to access their account, unknowingly hands over their cookies to the threat actors behind the phishing site. With users having completed the necessary multi-factor authentication (MFA) protocols during login, these cookies handed over to the cybercriminals allows them full access to the victim's account.

In light of previous warnings of EvilProxy campaigns from security firms such as Proofpoint, it's becoming apparent that the utilization of reverse proxy kits for phishing is growing. Combined with open redirects, this tactic not only increases the success rate of a phishing campaign but also proves that are growing in sophistication, warranting increased vigilance when it comes to online security.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News