Search This Blog

Showing posts with label Snapchat. Show all posts

Phishing Scam Exploit's American Express, Snapchat Open-Redirect Threats

Phishing emails aimed at users of Google Workspace and Microsoft 365 have been sent as a result of open-redirect vulnerabilities affecting the American Express and Snapchat domains.

The term "open redirects" refers to a software vulnerability that makes it simpler for hackers to point users toward harmful resources they control.

Vulnerabilities :

Open redirect occurs when a website doesn't validate user input, allowing hackers to modify the URLs of domains with stellar reviews to route consumers to malicious sites. Because the initial domain name in the altered link is a well-known one, like American Express or Snapchat, victims will believe it.

The link may seem secure to an untrained eye because the first domain name in the modified link is actually the domain name of the original site. According to email security firm INKY, the trusted domain, such as American Express or Snapchat, serves as a temporary landing page before redirecting the user to a malicious website.

DocuSign, FedEx, and Microsoft were used as baits in phishing emails distributed to the Snapchat group, which led to sites that harvest user credentials. Researchers from Inky claim that 6,812 phishing emails sent from Google Workspace and Microsoft 365 hacked over the course of two and a half months used the Snapchat open redirect.

On August 4, 2021, professionals informed Snapchat of a vulnerability through the Open Bug Bounty site, but nothing has been done to fix it.

The matter was made worse by the discovery of the American Express open-redirect vulnerability in more than 2,000 phishing emails in only two days in July. The vulnerability has since been patched, as per the report, and any user who opens the link now is led to an error page on the company's legitimate website.

Prevention cautions

Roger Kay of INKY provided easy measures for preventing open redirect attacks:
  • Domain owners can undertake a few easy actions if they want to further reduce open redirect attacks. First, don't use redirection at all in your site architecture. Domain owners can, however, build an allowlist of permitted safe links to reduce open-redirect misuse if it's required for business reasons.
  • Additionally, domain owners have the option to display caution about external links before forwarding viewers to external websites.
  • Users should be on the lookout for URLs that include things like "url=," "redirect=," "external-link," or "proxy" as they explore websites online. These strings can suggest that a reputable domain might reroute traffic to another website.
  • Additionally, recipients of emails with links should look for repeated instances of "http" in the URL, another possible sign of redirection.

Google Maps…Creepy or Useful?



Whether Android or iPhone there is no denying that Google is there for all of us, keeping a track log of our data in a "Timeline" that unequivocally shows wherever we've been, which while in some cases is amazingly valuable and helpful yet for the rest it’s downright creepy.

The creepy degree of details range from like precisely the time at which the user left for home, arrival at home, the exact route taken along the way, pictures taken in specific locations and then some.

It'll show them if they were driving, strolling or on a train, and any pit stops they may have made during their journey. Like here is an example including a user's stop for lunch, and a meeting they took with Snapchat on the Upper West side earlier in the day.



Zoomed in, one can see the exact course taken to arrive and where the car was parked.


And hence there's no reason as to why Google has to know this much information about any user, except if they truly care about things like Google's recommendations based on where they've been.

So there are a couple of ways the user can recover their privacy. First, here’s how the user can delete everything Google Maps currently knows about them:

  • Open Google Maps on your iPhone or Android phone.
  • Tap your profile picture on the top-right. 
  • Choose “Your data in Maps.” 
  • Choose “See & Delete activity.” 
  • Hit the menu button on the top-right of the page and select “Settings.” 
  • Choose “Delete all location history.” 


 And here’s how the user can set it up so Google automatically deletes all this location data every three months:

  • Open Google Maps on iPhone or Android. 
  • Tap the menu bar on the top-left of the app. 
  • Choose “Your Timeline.” 
  • Tap the three dots on the top-right of the screen. 
  • Choose “Settings and privacy.” 
  • Select “Automatically delete location history.” 
  • Change the setting from “Keep until I delete manually” to “Keep for 18 months” or “Keep for 3 months.” 


 Or, if the user doesn’t mind Google tracking them day to day but just want to stop it for a little while, they can simply turn on Incognito mode in Maps by doing this:


  • Open Maps on your iPhone or Android phone. 
  • Tap your profile picture on the top-right. 
  • Choose “Turn on Incognito mode.”



Congested Google Servers Render Snapchat and YouTube Inaccessible!



The eastern parts of the USA were hit by a sudden congestion of the Google servers which triggered famous apps like YouTube and Snapchat to be inaccessible.


Quite immediately, Google addressed the matter citing that it was dealing with the “high levels of network congestion”.

This was highlighted to be the reason for the inoperative applications. It also affected many other services in the Google Cloud, YouTube and G Suite.

Slow performance or/and sporadic errors are other repercussions of the network congestion. Google engineers are halfway through the restoration process.


Twitter blew up with the questions and worries of the social media users as the applications ceased to work as smoothly as they do.

On the other hand, YouTube and Snapchat also took to their Twitter handles to concede the alarming issue at hand.

Computing happens to be one of the most profitable services Google has to provide but it faces serious rivalry at the hands of other technology organizations like Microsoft and Amazon.


Google Wins a Dismissal of a Lawsuit over the Biometric Privacy Act


The world's largest search engine had a lawsuit filed against it by its users, allegedly stating that Google had violated the privacy of its users by utilizing facial recognition software to examine their photos without their consent.

U.S. District Judge Edmond E. Chang in Chicago dismissed it referring to an absence of "concrete injuries" to the offended parties.

The original suit was known to have been documented in March 2016, a user sued Google for supposedly transferring their information to Google Photos by means of using the facial recognition software and further scanning it in order to create a template of their face without their permission, all the while crossing paths with a unique Illinois law.

In spite of the fact that Google is the first among those well-known who violated the law explicitly as Snapchat and Facebook also have had faced lawsuits for the same ,  Google emerges as the first to prevail upon a dismissal of a lawsuit over the biometric security act.

Google's triumph comes in the midst of open public backlash against the U.S. technology goliaths over misusing of user information and expanded the further examination of privacy policies.