EvilProxy is a recent phishing campaign that has targeted high-level executives in various industries, with a particular focus on the popular job search platform Indeed. This campaign has exploited an open-redirect vulnerability on Indeed.com [2], posing a significant threat to organizations and individuals alike [1].

Description

EvilProxy, a phishing campaign known for targeting executives [1] [2] [3] [4] [5], has affected organizations in sectors such as banking and financial services, insurance [1] [2] [3], property management and real estate [1] [3], and manufacturing [1] [2] [3]. The primary targets of this campaign were executives in the C-suite, particularly those using the job search platform Indeed. Between July and August 2023, attackers distributed a deceptive link that appeared to lead to Indeed.com but actually redirected victims to a counterfeit Microsoft Online login page. By tricking victims into entering their credentials, the attackers were able to harvest session cookies, bypassing multi-factor authentication [2] [4] [5]. This attack highlights the danger of open-redirect vulnerabilities [2], where users are deceived into visiting phishing pages while believing they are on trusted sites like Indeed.com [2]. It is an example of an adversary-in-the-middle (AiTM) phishing attack [4]. To mitigate the risk of EvilProxy phishing attacks [1], organizations should ensure that their executives and employees are properly trained to recognize and respond to such attacks.
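A link of the kind described above has a recognizable shape: the host is a trusted site, but a query parameter carries a URL on a different host. The following is an added example, not code from the cited reports, of a check a mail or web gateway could run over links; the hosts (`trusted.example`, `attacker.example`) and the parameter names are constructed placeholders, and the parameter used in the real campaign is not given on this page.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

def url_host(value):
    """Hostname of an absolute or scheme-relative http(s) URL, else None."""
    value = value.strip()
    if value.startswith("//"):          # scheme-relative: //host/path
        value = "https:" + value
    try:
        parts = urlsplit(value)
    except ValueError:                  # e.g. malformed IPv6 literal
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None

def in_site(host, domains):
    """True when host equals, or is a subdomain of, one of domains."""
    return any(host == d or host.endswith("." + d) for d in domains)

def offsite_redirect_params(link, same_site=(), max_decode=3):
    """Return [(param, host)] for query parameters holding an off-site URL."""
    outer = url_host(link)
    if outer is None:
        return []
    domains = tuple(d.lower() for d in same_site) or (outer,)
    findings = []
    for name, value in parse_qsl(urlsplit(link).query, keep_blank_values=True):
        # parse_qsl has decoded once; keep decoding to catch nested encoding.
        for _ in range(max_decode):
            inner = url_host(value)
            if inner is not None:
                if not in_site(inner, domains):
                    findings.append((name, inner))
                break
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
    return findings

# Constructed sample links; hosts and parameter names are placeholders.
SAMPLES = [
    "https://jobs.trusted.example/r?id=7&dest=https%3A%2F%2Flogin.attacker.example%2Fo365",
    "https://jobs.trusted.example/r?dest=https%253A%252F%252Flogin.attacker.example%252F",
    "https://jobs.trusted.example/r?next=https%3A%2F%2Fwww.trusted.example%2Fhome",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(offsite_redirect_params(link, same_site=("trusted.example",)), link)
```

A finding is a triage signal rather than a verdict, since some sites legitimately pass external URLs in parameters; the same comparison, applied server-side to the redirect target before issuing the redirect, is what closes the open redirect itself.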

Conclusion

Open-redirect vulnerabilities pose a severe threat to users [1], as demonstrated by the EvilProxy phishing campaign. To address this issue, organizations should invest in robust cybersecurity measures and continuously educate their employees [1]. Additionally, responsible disclosure of vulnerabilities, as done by Menlo Labs to Indeed.com, is crucial in minimizing the impact of such threats. Phishing attacks like EvilProxy continue to pose a significant risk [1], emphasizing the need for individuals to remain vigilant and follow best practices to protect themselves [1]. By taking proactive measures, organizations can mitigate the risk and limit the impact of such attacks in the future.

References

[1] https://cybersecurity-see.com/evilproxy-phishing-attack-targets-executives-in-recent-incident-at-indeed/
[2] https://www.infosecurity-magazine.com/news/evilproxy-phishing-attack-strikes/
[3] https://thecyberwire.com/stories/d41f473d134842dcaa66570695d8d2e2/evilproxy-phishes-for-executives
[4] https://securityboulevard.com/2023/10/evilproxy-phishing-attack-strikes-indeed/
[5] https://techlapse.com/news/evilproxy-phishing-attack-targets-indeed-job-site/