Hackers target unsecured Amex and SnapChat sites to steal user data

August 6, 2022

Why it matters: An email-focused security firm published a blog post detailing a phishing attack targeting unsecured American Express and Snapchat sites. The identified exploit uses a known open redirect vulnerability that allows threat actors to specify a redirect URL, driving traffic to fraudulent sites designed to steal user information.

Maryland-based security firm INKY Security tracked attack activity related to the vulnerability from mid-May through mid-July. The phishing attack relies on a known open redirect vulnerability (CWE-601) and popular brand recognition to deceive and harvest credentials from unsuspecting Google Workspace and Microsoft 365 users.

The attacks targeted unsecured sites from Snapchat and American Express. Snapchat-based attacks resulted in more than 6,800 attacks over a two-and-a-half-month period. The American Express-based attacks were much more effective, affecting over 2,000 users in just two days.

"Malicious actors have taken advantage of open-redirect vulnerabilities affecting AMEX & Snapchat domains to send #phishing emails targeting Google Workspace and Microsoft 365 users." https://t.co/bTG2b7dLWY

— INKY (@InkyPhishFence) August 4, 2022

The Snapchat-based emails drove users to fraudulent DocuSign, FedEx, and Microsoft sites to harvest user credentials. Snapchat's open redirect vulnerability was initially identified by openbugbounty more than a year ago. Unfortunately, the exploit still appears to be unaddressed.

American Express appears to have remediated the vulnerability, which redirected users to an O365 login page similar to the one that the Snapchat-based attacks used.

This specific phishing attack uses three main techniques: brand impersonation, credential harvesting, and hijacked accounts. Brand recognition relies on recognizable logos and trademarks to create a sense of trust with the potential victim, leading to the user's credentials being entered into and harvested from the fraudulent site. Once harvested, hackers can sell the stolen information to other criminals for profit or use the information to access and obtain the victim's personal and financial information.


Open redirect vulnerabilities don't tend to get the same level of care and attention as other known exploits. Additionally, most risk exposure is on the user rather than the site owner. The blog post provides more background and guidance to help users stay safe and keep their data out of the wrong hands. These tips help users identify key terms and characters that may indicate if a redirect is occurring from a trusted domain.
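As an added illustration (not code from INKY or from the original article), the following Python sketch shows one way a mail filter or analyst could flag links in which a trusted site's URL carries an absolute URL for a different host in a query parameter, the pattern an open redirect (CWE-601) depends on. The function names, the `site_domain` parameter, and the `.example` links are assumptions constructed for the example; the host comparison is a plain subdomain check rather than a public-suffix lookup.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

def embedded_redirect_targets(url, site_domain=None):
    """List (param, host) pairs where a query value is an absolute URL
    whose host lies outside site_domain (default: the link's own host)."""
    try:
        outer = urlsplit(url)
    except ValueError:
        return []
    site = (site_domain or outer.hostname or "").lower()
    findings = []
    for name, value in parse_qsl(outer.query, keep_blank_values=True):
        # parse_qsl percent-decodes once; decode again for double-encoded targets.
        candidate = unquote(value).strip()
        if candidate.startswith("//"):          # protocol-relative target
            candidate = "https:" + candidate
        try:
            inner = urlsplit(candidate)
        except ValueError:
            continue
        # .hostname ignores any userinfo, so "brand@other-host" resolves to other-host.
        host = (inner.hostname or "").lower()
        if inner.scheme not in ("http", "https") or not host:
            continue                            # relative path: stays on-site
        if host != site and not host.endswith("." + site):
            findings.append((name, host))
    return findings

# Constructed sample links using reserved .example names (not from the campaign).
SAMPLE_LINKS = [
    "https://www.brand.example/out?url=https%3A%2F%2Flogin.attacker.example%2Fo365",
    "https://www.brand.example/r?u=https%253A%252F%252Fattacker.example%252F",
    "https://www.brand.example/out?next=https%3A%2F%2Fhelp.brand.example%2Ffaq",
    "https://www.brand.example/out?to=%2Faccount%2Fsettings",
    "https://www.brand.example/go?dest=https%3A%2F%2Fbrand.example%40attacker.example%2F",
]

def scan(links, site_domain):
    """Map each suspicious link to its off-site redirect targets."""
    results = {}
    for link in links:
        hits = embedded_redirect_targets(link, site_domain)
        if hits:
            results[link] = hits
    return results

if __name__ == "__main__":
    for link, hits in scan(SAMPLE_LINKS, "brand.example").items():
        print(link, "->", hits)
```

A hit means only that the link hands the visitor to another host; whether that destination is malicious still has to be judged separately.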

Image credit: INKY Security
