US Executives Targeted in Phishing Attacks Exploiting Flaw in Indeed Job Platform
Cybersecurity firm Menlo Security has warned of a phishing campaign that targets executives by abusing an open redirection vulnerability on the popular job search platform Indeed. The campaign, which started in July 2023, uses the flaw on the Indeed website to redirect victims to a phishing page where their Microsoft credentials are stolen. The attacks primarily targeted C-suite employees in industries such as banking, insurance, property management, and manufacturing. The phishing kit used in the campaign acts as a reverse proxy, intercepting victims' credentials and session cookies. Menlo Security has reported the issue to Indeed, but it is unclear whether it has been addressed.
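
A defender-side check for the link pattern described above, as an added example that is not from Menlo Security's report or from Indeed: it flags links on a trusted host whose query string carries an absolute URL on a different domain, including double-encoded values. The trusted-host list, the function names, and the path and parameter names in the sample links are assumptions constructed for illustration, not the endpoint used in the campaign.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Hosts a mail gateway might treat as reputable (assumption for this example).
TRUSTED_DOMAINS = {"indeed.com"}

def base_domain(host):
    """Naive registrable domain: last two labels (no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def embedded_targets(url, max_decode=3):
    """Return (param, host) for query values that decode to an absolute URL."""
    found = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        candidate = value.strip()
        for _ in range(max_decode):
            if candidate.lower().startswith(("http://", "https://", "//")):
                host = urlsplit(candidate).hostname
                if host:
                    found.append((name, host))
                break
            decoded = unquote(candidate)  # peel one more layer of encoding
            if decoded == candidate:
                break
            candidate = decoded
    return found

def flag_open_redirect(url):
    """List (param, host) pairs where a trusted-domain link points off-domain."""
    host = urlsplit(url).hostname or ""
    if base_domain(host) not in TRUSTED_DOMAINS:
        return []
    return [(p, h) for p, h in embedded_targets(url)
            if base_domain(h) != base_domain(host)]

# Constructed sample links; path and parameter names are placeholders.
SAMPLES = [
    "https://www.indeed.com/placeholder?target=https%3A%2F%2Flogin.example.net%2Fo365",
    "https://www.indeed.com/placeholder?next=https%253A%252F%252Fphish.example.net%252Flogin",
    "https://www.indeed.com/placeholder?next=https%3A%2F%2Femployers.indeed.com%2Fjobs",
    "https://www.indeed.com/placeholder?next=%2Fjobs%2F123",
]

if __name__ == "__main__":
    for link in SAMPLES:
        hits = flag_open_redirect(link)
        print("FLAG" if hits else "ok  ", link, hits)
```

The domain comparison uses the last two labels only, so a deployment covering multi-label suffixes such as `co.uk` would need a public-suffix list.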