A redirect is an HTTP response (a 3xx status code with a Location header) that sends the browser to a different URL than the one originally requested. There are many legitimate uses for a redirect, such as when a website moves to a new domain.
An open redirect vulnerability occurs when an application lets user-supplied input, typically a URL parameter, choose the redirect destination and does not validate that input. This makes it easy for attackers to send users to a malicious site.
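The check that closes this hole, as an added example that is not from the original post: the vulnerable handler uses the redirect parameter verbatim, while the hardened version only accepts destinations on an allow-list of hosts (the host names and origin are constructed example values) and rejects the usual bypasses such as scheme-relative and backslash-prefixed URLs.

```python
from urllib.parse import urlsplit, urljoin

# Hosts this application is allowed to redirect to (constructed example values).
ALLOWED_HOSTS = {"bank.example", "www.bank.example"}
OUR_ORIGIN = "https://bank.example"


def vulnerable_redirect_target(next_url: str) -> str:
    """The bug described above: the 'next' parameter is used verbatim."""
    return next_url


def safe_redirect_target(next_url: str, fallback: str = "/") -> str:
    """Return a redirect destination that stays on an allowed host.

    Rejects anything that would leave the site: absolute URLs to other hosts,
    scheme-relative '//evil.example', backslash tricks ('/\\evil.example',
    which browsers normalise to '//evil.example'), credentials-in-URL tricks
    ('https://bank.example@evil.example'), and non-http(s) schemes such as
    'javascript:'. Anything rejected falls back to a fixed, safe location.
    """
    if not next_url:
        return fallback
    # Browsers treat backslashes like forward slashes in URLs; normalise first
    # so '/\\evil.example' cannot slip past a check for a single leading '/'.
    candidate = next_url.replace("\\", "/")
    # Leading/trailing whitespace and control characters can confuse parsers.
    if candidate.strip() != candidate or any(ord(c) < 0x20 for c in candidate):
        return fallback
    # Resolve relative to our own origin: a relative path stays on our host,
    # while 'https://evil.example' or '//evil.example' resolve to a foreign one.
    resolved = urlsplit(urljoin(OUR_ORIGIN, candidate))
    if resolved.scheme not in ("http", "https"):
        return fallback
    if resolved.hostname is None or resolved.hostname not in ALLOWED_HOSTS:
        return fallback
    return resolved.geturl()
```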
Cybercriminals exploit open redirects by embedding the URL of a genuine website in a phishing email. A common example is impersonating a bank's website. Because the genuine domain is what users see when they click the link, the attack gains credibility.
In reality, the link's redirect parameter points to the attacker's site, so the genuine website forwards the victim there. Once on the malicious site, the victim is usually prompted to enter credentials on a fake login form. The cybercriminal then uses these credentials to impersonate the user and gain access to other personal information, such as credit card details.
Open redirects can also be chained with other attacks, such as server-side request forgery (SSRF) and cross-site scripting (XSS), which can let attackers reach internal systems and intercept local data.
The best defense against open redirect phishing is to inspect the entire URL before clicking a link. Hover your mouse over the link to see where it actually leads and confirm that it goes to the site you expect.
If you can see only the domain, or if the link is unusually long with a trailing string of extra characters, that is a good reason to pause.
Additional best practices for your organization include:
As cybercriminals continue to evolve their methods, employee training is another key piece of preventing your staff from falling victim to open redirect attacks and other malicious schemes. Unfortunately, human error is ultimately unavoidable. Therefore, it’s important for healthcare providers to cover all bases with a stronger inbound email security strategy.
That’s where Paubox Email Suite’s HIPAA compliant email platform comes in. Along with enabling healthcare email encryption, Paubox Email Suite’s Plus and Premium plan levels include robust inbound email security tools that block phishing emails and other malicious attacks from reaching the inbox in the first place.
Our patent-pending Zero Trust Email feature uses email AI to confirm that an email is legitimate. Additionally, our patented ExecProtect solution quickly intercepts display name spoofing attempts.