In phishing campaigns, open redirects at Google and Adobe are used to lend legitimacy to the URLs in spam emails.

An open redirect is a URL on a website that anybody can use to forward users to another website. Unfortunately, many firms, including Google, do not see an open redirect as a security vulnerability and therefore do nothing about it.

“Open redirectors take you from a Google URL to another website chosen by whoever constructed the link. Some members of the security community argue that the redirectors aid phishing, because users may be inclined to trust the mouse hover tooltip on a link and then fail to examine the address bar once the navigation takes place. Our take on this is that tooltips are not a reliable security indicator, and can be tampered with in many ways; so, we invest in technologies to detect and alert users about phishing and abuse, but we generally hold that a small number of properly monitored redirectors offers fairly clear benefits and poses very little practical risk.”

For instance, Google has an open redirect at the URL https://www.google.com/url?q=[url] that anyone, including attackers, can use to redirect someone to another site through Google.

To test this, the following URL first sends you to Google, which then redirects you to example.com: https://www.google.com/url?

It was also recently found that Adobe has an open redirect at https://t-info.dobe.com/r/?id=hc43f43t4a,afd67070,affc7349&p1=example.com that can also be used to redirect users to any website.

Adobe and Google are not alone; there are many open redirects that attackers often abuse.

Open redirects in phishing campaigns

Phishing campaigns usually use open redirects from well-known businesses because the attackers believe that users are more likely to click on a link if it appears to belong to Google or Adobe.

For instance, we can see below a phishing e-mail using the Google redirect. This e-mail says your Microsoft Office 365 account is outdated and includes a link that redirects you to a fake login page through Google.

Phishing email using open Google redirect

Although I have no phishing e-mails that display the Adobe redirect, you can see in the VirusTotal section that it is heavily abused in phishing attacks.

Adobe open redirect phishing campaigns

One of the current phishing campaigns using the Adobe redirect leads targets to a fake Microsoft landing page hosted on Azure.

Microsoft phishing landing page

It is always essential to remember that threat actors will use any available resources from legitimate businesses, including open redirects.

Administrators and users should therefore be aware of open redirects and understand that clicking on a redirect may not take you to the site you expect.
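
For administrators who want to act on this, the sketch below (an added example, not code from the original article) scans message text for links to the two redirectors named above and reports the host each link actually forwards to. The host, path and parameter table is built from the URL patterns quoted in the article; the function names and the sample text are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# (redirector host, path, destination parameter), taken from the URL
# patterns quoted in the article. The Adobe host is spelled as it
# appears in the article text.
REDIRECTORS = [
    ("www.google.com", "/url", "q"),
    ("t-info.dobe.com", "/r/", "p1"),
]
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def redirect_target(url):
    """Return the off-site host a redirector link forwards to, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    query = parse_qs(parts.query)  # also percent-decodes the values
    for r_host, r_path, param in REDIRECTORS:
        if host == r_host and parts.path == r_path and param in query:
            dest = query[param][0]
            # The Adobe example passes a bare host (p1=example.com), so
            # make it parseable as a network location when no scheme is given.
            if "://" not in dest:
                dest = "//" + dest
            dest_host = (urlsplit(dest).hostname or "").lower()
            if dest_host and dest_host != host:
                return dest_host
    return None

def flag_links(text):
    """Return (link, real destination host) for each redirector link in text."""
    hits = []
    for url in URL_RE.findall(text):
        dest = redirect_target(url)
        if dest:
            hits.append((url, dest))
    return hits

# Constructed sample text (not taken from a real e-mail).
SAMPLE = """Sign in: https://www.google.com/url?q=https%3A%2F%2Flogin.example.net%2Foffice365
Notice: https://t-info.dobe.com/r/?id=hc43f43t4a,afd67070,affc7349&p1=example.com
Search: https://www.google.com/search?q=office+365
Same site: https://www.google.com/url?q=https://www.google.com/maps
"""

if __name__ == "__main__":
    for link, dest in flag_links(SAMPLE):
        print(f"{dest:20} <- {link}")
```

Only the first two sample links are reported; the search URL is not a redirector endpoint, and the last link stays on the same host.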
