Phishing Attacks Exploited Indeed Flaw Targeting Executives - Recruitment Marketer

Phishing Attacks Exploited Indeed Flaw Targeting Executives

Cybersecurity firm Menlo Security has issued a warning about a recent phishing campaign aimed at senior executives. The campaign leverages an open redirection vulnerability in the popular job search platform Indeed.

Indeed, headquartered in the United States, boasts a massive user base, with over 350 million unique visitors per month and a global workforce of more than 14,000 employees. Its widespread popularity has made it a trusted source for users, but this latest campaign illustrates how cybercriminals are taking advantage of that trust.

Since July 2023, attackers have been observed exploiting an open redirection flaw in the indeed.com website to send victims to a phishing page designed to steal their Microsoft credentials. The primary targets have been C-suite employees and executives in sectors such as banking, financial services, insurance, property management, real estate, and manufacturing, mainly within the United States.

The attack begins with the victim receiving a phishing email containing a link that appears to lead to indeed.com. However, clicking the link redirects them to a counterfeit Microsoft login page created using the EvilProxy phishing framework. This phishing kit operates as a reverse proxy, dynamically fetching page content from the legitimate Microsoft domain and allowing the attacker to intercept the victim’s credentials before they reach the actual login page.

Moreover, the phishing kit also pilfers the victim’s session cookies, which can be employed by the attacker to impersonate the victim and gain access to their Microsoft account, circumventing certain multi-factor authentication (MFA) mechanisms.

The attack capitalizes on the fact that the indeed.com website could be manipulated to redirect visitors to an untrusted external resource. As part of their strategy, the attackers used the ‘lmo.’ subdomain and hosted their phishing pages on nginx servers configured as reverse proxies.

Menlo Security explains that the reverse proxy captures dynamically generated content, such as login pages, and acts as an intermediary, intercepting requests and responses between the victim and the legitimate site.

Menlo Security has reported the open redirection vulnerability and the observed malicious activity to Indeed, although it remains uncertain whether the employment website has addressed the issue.

Menlo warns that account compromise is only the initial phase of an attack chain that could potentially culminate in a Business Email Compromise (BEC), leading to identity theft, intellectual property theft, and substantial financial losses.

Proofpoint has also reported a similar phishing campaign targeting executives at more than 100 organizations, using the EvilProxy phishing tool. In those instances, cybercriminals exploited other legitimate services, including YouTube, for redirection.

Indeed Responds Claiming Flaw Fixed & No Data Issues

In an update reported by SecurityWeek, an Indeed spokesperson said the company had resolved the vulnerability that allowed malicious actors to exploit Indeed’s domain for social engineering attacks. The spokesperson stated that no Indeed user data was improperly accessed and that Indeed’s engineering teams are actively engaged in security incident response to prevent any recurrence.

Oliver Feakins

About Author

Oliver Feakins is a 15-year veteran of the HR Tech space with a special passion for recruitment marketing. Oliver is the CEO of TrackFive, a technology company that creates and operates career platforms in multiple markets.
