Open Redirect Flaw Snags Amex, Snapchat User Data

Attackers are exploiting a well-known open redirect flaw to phish people’s credentials and personally identifiable information (PII) using American Express and Snapchat domains, researchers have found. Threat actors impersonated Microsoft and FedEx among other brands in two different campaigns, which researchers from INKY observed from mid-May through late July, they said in a blog post published online.

Read full article on Threat Post