April 22, 2024 at 03:44PM
A phishing campaign targeted Nespresso’s website, exploiting a bug in it to evade detection and deliver malicious links. It starts with a deceptive Bank of America email that tricks targets into clicking a compromised Nespresso URL. The attackers use an open redirect vulnerability to bypass security tools. The campaign consistently uses infected Nespresso URLs and fake Bank of America emails for cyberattacks.
The meeting notes discuss a phishing campaign that exploits a bug in Nespresso’s website. The attackers send phishing emails that appear to be from Bank of America, prompting recipients to check their recent Microsoft sign-in activity. Clicking the link takes the victims to a legitimate but infected URL controlled by Nespresso, which triggers no security warnings. The URL then delivers a malicious .html file designed to look like a Microsoft login page to capture the victim’s credentials. The attackers exploit an open redirect vulnerability in Nespresso’s webpage, allowing them to redirect users to an external, untrusted URL through a trusted domain. This is possible because some security vendors only inspect the initial link and do not dig further to discover any hidden or embedded links. The attackers have launched this campaign from different sender domains, but consistently use the infected Nespresso URL and the fake Bank of America email in the cyberattacks. It is unclear whether the open redirect vulnerability has been fixed by Nespresso.
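The gap described above, inspecting only the initial link, can be closed on the filtering side by unpacking URLs carried inside a link's query string. The following is an added example, not code from the original report: the hosts are constructed placeholders, the parameter name `next` is hypothetical, and the page does not give the actual Nespresso URL.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

MAX_DEPTH = 5  # bound on how many nested redirect targets are unpacked

def _as_url(value):
    """Return value as an absolute http(s) URL, undoing up to three layers
    of percent-encoding, or None if it does not decode to one."""
    for _ in range(3):
        v = value.strip()
        if v.startswith("//"):              # protocol-relative target
            v = "https:" + v
        try:
            parts = urlsplit(v)
        except ValueError:                  # malformed host, e.g. bad IPv6
            return None
        if parts.scheme in ("http", "https") and parts.hostname:
            return v
        decoded = unquote(value)
        if decoded == value:
            return None
        value = decoded
    return None

def embedded_targets(url, depth=0):
    """List (parameter, target_url) for each query parameter carrying an
    absolute URL on a different host than the link, recursing into targets.
    Exact-host comparison is a simplification; a production filter would
    compare registrable domains."""
    if depth >= MAX_DEPTH:
        return []
    outer = urlsplit(url)
    found = []
    for name, value in parse_qsl(outer.query, keep_blank_values=True):
        target = _as_url(value)
        if target is None:
            continue
        if urlsplit(target).hostname != outer.hostname:
            found.append((name, target))
        found.extend(embedded_targets(target, depth + 1))
    return found

def verdict(url, blocked_hosts):
    """Judge a link by every host it can lead to, not only the first one."""
    hosts = {urlsplit(url).hostname}
    hosts.update(urlsplit(t).hostname for _, t in embedded_targets(url))
    return "block" if hosts & set(blocked_hosts) else "allow"

# Constructed sample: trusted host wrapping an untrusted destination.
SAMPLE = "https://shop.example.com/r?next=https%3A%2F%2Flogin.attacker.example%2Fsignin.html"
if __name__ == "__main__":
    print(embedded_targets(SAMPLE), verdict(SAMPLE, {"login.attacker.example"}))
```

A filter that checks only `shop.example.com` would allow the sample link; checking the embedded hosts as well applies the blocklist to the destination the user actually reaches.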