
"EvilProxy Exploits Open Redirect on indeed.com for Microsoft 365 Phishing"
A phishing campaign targeting the Microsoft 365 accounts of key executives in U.S.-based organizations has been discovered that uses open redirects on the Indeed employment website. The campaign leverages the EvilProxy phishing service to collect session cookies, which lets the attackers bypass multi-factor authentication. Executives from various industries are being targeted, and the phishing emails contain a legitimate-looking indeed.com link that redirects to a phishing site mimicking Microsoft's login page. The use of reverse proxy kits for phishing, combined with open redirects, is increasing the success of such campaigns.
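
A mail-filtering check for the pattern described above, a link on a trusted site whose query string carries a redirect target on a different site, is shown below as an added example that is not part of the original article. The article does not give the campaign's actual link format, so the trusted site, parameter names and URLs here are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: sites whose links recipients tend to trust (constructed placeholder).
TRUSTED_SITES = ("trusted-jobs.example",)
MAX_DECODE_ROUNDS = 3  # redirect targets are sometimes percent-encoded more than once


def _host(url):
    """Hostname of an absolute or scheme-relative http(s) URL, else None."""
    if url.startswith("//"):
        url = "https:" + url
    try:
        parts = urlsplit(url)
        if parts.scheme.lower() in ("http", "https") and parts.hostname:
            return parts.hostname.lower().rstrip(".")
    except ValueError:  # malformed netloc such as an unclosed IPv6 bracket
        pass
    return None


def _same_site(host, site):
    return host == site or host.endswith("." + site)


def find_offsite_redirects(link):
    """Return [(param, target_host)] for query values pointing off the trusted site."""
    outer = _host(link)
    site = next((s for s in TRUSTED_SITES if outer and _same_site(outer, s)), None)
    if site is None:
        return []  # link is not on a trusted site, so this check does not apply
    hits = []
    for name, value in parse_qsl(urlsplit(link).query, keep_blank_values=True):
        for _ in range(MAX_DECODE_ROUNDS):
            target = _host(value.strip())
            if target:
                if not _same_site(target, site):
                    hits.append((name, target))
                break
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
    return hits


if __name__ == "__main__":
    # Constructed sample link, not taken from the campaign.
    print(find_offsite_redirects(
        "https://trusted-jobs.example/r?target=https%3A%2F%2Flogin.phish.example%2Fsignin"))
```

A hit means the link's visible domain is not where the click ends up, so a filter should evaluate the target host rather than the trusted one.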