Nespresso Domain Serves Up Steamy Cup of Phish, No Cream or Sugar

An open direct vulnerability in the Nespresso Web domain lets attackers bypass detection as they attempt to steal victims Microsoft credentials.

A phishing campaign exploiting a bug in Nespressos website has been able to evade detection by taking advantage of security tools that fail to look for malicious nested or hidden links.
The campaign starts with a
phishing email
that appears to have been sent from an employee with Bank of America, with a message to please check your recent [Microsoft] sign-in activity. If a target clicks, they are then directed to a legitimate but infected URL controlled by Nespresso. according to research today from Perception Point.
Because the address is legitimate, the hijacked Nespresso site triggers no security warnings, the
report
explained. The Nespresso URL then delivers a malicious .html file doctored up to look like a Microsoft login page, intended to capture the victims credentials, the Perception Point team added.
The attackers are making use of an open redirect vulnerability in the coffee giants webpage, the researchers explained: Open redirect vulnerabilities occur when an attacker manages to redirect users to an external, untrusted URL through a trusted domain. This is possible when a website or URL allows data to be controlled from an external source.
Attackers know that some security vendors only inspect the initial link, not digging further to discover any hidden or embedded links, they added. With this knowledge, it makes sense that the attacker would host the redirect on Nespresso, as the legitimate domain would likely be sufficient to bypass many security vendors, detecting only the reputable URL and not the subsequent malicious ones.
This particular campaign has been launched from several different sender domains, but it consistently uses the infected Nespresso URL and the fake Bank of America email in the cyberattacks, the report added. According to Perception Point, the redirect has not yet been fixed.
“We were alerted of a phishing attempt, where a modified redirection website link disguised as a Nespresso address was used to try to obtain personal credentials from people (not necessarily Nespresso customers), a spokesperson tells Dark Reading. We can confirm that our customers’ data has not been compromised in any way. We ask everyone to be aware and vigilant of emails that redirect them to unknown websites.”

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Nespresso Domain Serves Up Steamy Cup of Phish, No Cream or Sugar