Crooks abuse Google and Adobe services to create URLs that point to malicious websites that anyway are able to bypass security filters
“Our take on this is that tooltips are not a reliable security indicator, and can be tampered with in many ways; so, we invest in technologies to detect and alert users about phishing and abuse, but we generally hold that a small number of properly monitored offers fairly clear benefits and poses very little practical risk.”
An example of Google open redirect is
“Phishing campaigns commonly utilize open redirects from well known companies as they feel users will be more likely to click on a link if it belongs to Google or Adobe.” reported BleepingComputer.
Below an example of a phishing message that uses Google open redirect that points to a fake login page.
In a similar way, attackers could abuse the Adobe redirect service in phishing campaigns.
Experts suggest administrators and users remain vigilant on open redirects.
|[adrotate banner=”9″]||[adrotate banner=”12″]|