American Express, Snapchat Open-Redirect Vulnerabilities Exploited in Phishing Scheme

Published: 23/11/2024   Category: security




Phishing operators are taking advantage of security bugs in the Amex and Snapchat websites (the latter is unpatched) to steer victims to phishing pages looking to harvest Google and Microsoft logins.



Malicious actors have been taking advantage of open-redirect vulnerabilities affecting American Express and Snapchat domains to send phishing emails targeting Google Workspace and Microsoft 365 users.
Research published by INKY reveals that in both cases the phishers included personally identifiable information (PII) in the URL. This allows the actors to rapidly customize the malicious landing pages for individual victims. They disguised the PII by converting it to Base64, turning the information into what looks like a sequence of random characters.
Phishing emails in the Snapchat group used DocuSign, FedEx, and Microsoft lures, which led to Microsoft credential harvesting sites.
INKY engineers detected more than 6,800 Snapchat phishing emails containing the open-redirect vulnerability during a period of two and a half months. Despite being reported to Snapchat by Open Bug Bounty nearly a year ago, the vulnerability remains unpatched, according to the report.
The issue was even worse with the American Express open-redirect vulnerability, which was uncovered in more than 2,000 phishing emails during the course of just two days in July.
However, the report notes, American Express has since patched the vulnerability, and any user who clicks the link now is redirected to an error page on the company's actual website.
Redirect vulnerabilities arise when domains accept untrusted input that could cause the site to redirect users to another URL. By modifying the URL for these sites — for instance, by adding a link to another destination to the end of the original URL — an attacker can easily redirect users to websites of their choice.
"Perhaps websites don't give open-redirect vulnerabilities the attention they deserve because they don't allow attackers to harm or steal data from the site," today's report notes. "From the website operator's perspective, the only damage that potentially occurs is harm to the site's reputation. The victims, however, may lose credentials, data, and possibly money."
The report recommended that when examining links, surfers should keep an eye out for URLs including url=, redirect=, external-link, or proxy, strings that may indicate a trusted domain could redirect to another site.
Another telltale sign of redirection is a link with multiple occurrences of http in the URL.
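
The checks described above can be automated for links pulled from inbound mail. The following is an added example, not code from INKY or from the original article: it flags the report's indicator strings, repeated http schemes, an embedded destination on a different host, and Base64 text that decodes to an email address. The function names and sample domains are assumptions made for illustration.

```python
import base64
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Indicator strings named in the report.
REDIRECT_HINTS = ("url=", "redirect=", "external-link", "proxy")
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[A-Za-z]{2,}")
B64_RE = re.compile(r"[A-Za-z0-9+_-]{8,}")


def b64_email(token):
    """Return the address if token is Base64 for an email address, else None."""
    if not B64_RE.fullmatch(token):
        return None
    try:
        padded = token + "=" * (-len(token) % 4)
        text = base64.urlsafe_b64decode(padded).decode("ascii")
    except ValueError:  # bad padding or non-ASCII bytes
        return None
    return text if EMAIL_RE.fullmatch(text) else None


def triage_link(url):
    """Return the list of redirect indicators found in one URL from an email."""
    findings = []
    lowered = unquote(url).lower()
    parts = urlsplit(url)
    outer_host = (parts.hostname or "").lower()

    hints = [h for h in REDIRECT_HINTS if h in lowered]
    if hints:
        findings.append("redirect-hint:" + ",".join(hints))
    if len(re.findall(r"https?:", lowered)) > 1:
        findings.append("multiple-http")

    # Inspect each query value and the fragment for a second destination.
    for value in [v for _, v in parse_qsl(parts.query)] + [parts.fragment]:
        inner = (urlsplit(value).hostname or "").lower()
        if inner and inner != outer_host:
            findings.append("embedded-host:" + inner)
        if any(b64_email(t) for t in re.split(r"[/?#=&]", value)):
            findings.append("base64-email")
    return findings


# Constructed samples (example domains, not taken from the report).
BENIGN = "https://shop.example/cart?item=42"
SUSPECT = ("https://shop.example/go?redirect=https://login-check.example/s/"
           + base64.urlsafe_b64encode(b"user@corp.example").decode())

if __name__ == "__main__":
    for link in (BENIGN, SUSPECT):
        print(link, "->", triage_link(link) or "no indicators")
```

A hit is a reason to inspect the link, not proof of phishing: legitimate sites also use parameters such as url= for internal navigation.
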
Domain owners can prevent this abuse by avoiding the implementation of redirection in the site architecture and can also present users with an external redirection disclaimer that requires user clicks before redirecting to external sites, according to the report. If redirection is necessary for commercial reasons, then implementing an allow-list of approved safe links prevents bad actors from inputting malicious links.
The scam that INKY reported is the latest in a long line of phishing scams roiling the IT security landscape. Earlier this week, researchers from ThreatLabz issued a warning over a large-scale phishing campaign aimed at Microsoft Outlook email services users.
