

Open redirect on UK council website was being used for Royal Mail-themed parcel payments scam

Latest Royal Mail and CWU news. This is an open forum.

Post by TrueBlueTerrier »

https://www.theregister.com/2021/09/13/ ... site_spam/

An open redirect on a UK council-backed property website allowed low-level miscreants to evade filters.

The website operated by tech services biz Civica had an open redirect being actively abused by spammers, piggybacking off the website's domain authority so their messages weren't flagged up by scanning tools.

Fortuitously, one of the spam emails that bounced through the Homes4Wiltshire website ended up in the mailbox of ethical hacker Scott Helme, who was intrigued enough to track down how it had got through his defences.

The message itself was a Royal Mail-themed spam campaign urging Helme to pay for a delivery – a very familiar scam from the past couple of years. On clicking the "proceed now" button in the email, he saw it linked to Homes4Wiltshire's website – and traced the full number of hops back to a domain called package-royamail[.]co[.]uk. (Did you spot the missing L? Plenty wouldn't have.)

Helme blogged about his detective work tracking down the root cause of the redirect, which he attributed to a configuration problem in a web app deployed by Civica to its customers' websites. Some brief Google-enabled sleuthing helped him find other domains using the same unique ViewSwitcherSwitchView?mobile=True&returnUrl= string.

Open redirects exist when parameters passed in an HTTP GET request redirect the user to another URL without validating the target address. Trustwave has a blog post with more detail about the flaw, noting it tends to get little attention these days as it doesn't expose user data or pose an immediate threat to the website operator.

"The reason these open redirects are useful is that they add legitimacy to the URL in the email itself which helps it to bypass spam filters," noted Helme.

Spam emails sent with links to recently spun-up domains are likely to be caught by spam filters, whereas using open redirects on well-established sites for bouncing users through a few sites until they end up on a phishing page means the odds of the message being filtered out are much lower.

Open redirects can also affect a domain name's reputation, potentially up to and including creating problems for legitimate emails sent by legitimate users. Many, however, are legitimate: anyone who has ever clicked a link in a genuine marketing email and seen their browser rapidly flick through different domains before landing on the promised one will have seen the click-tracking technique at work.

We have contacted Civica, operator of the Homes4Wiltshire website, and will update this article if we hear back. We understand that the open redirect has been closed off.

Microsoft has previously warned of credential-phishing campaigns abusing open redirect vulnerabilities to get through spam filters.

All post by me in Green are Admin Posts.
Any post in any other colour is my own responsibility.
I am using an automatic grammar and spelling app; your original post, if quoted, may be amended by default. No judgement on your use of grammar or spelling is intended or meant.
Any news stories you can't post - PM me with a link
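The mechanics the article describes (a trusted site's returnUrl parameter forwarding the browser to a lookalike domain, and the chain of hops Helme traced back to the scam site), shown as an added example. This is not code from the article, The Register, Civica or Scott Helme: the hostnames, the endpoint path and the parameter names are constructed stand-ins, and the hardened check is one reasonable fix rather than whatever Civica actually deployed.

```python
"""Added example (not code from the article, The Register, Civica or Scott Helme):
a vulnerable returnUrl handler beside a hardened one, plus an offline helper that
unwinds the hop chain hidden inside a phishing link. Every hostname and URL
below is constructed for the demo; none is the real council site or scam domain."""
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed stand-in for the site that exposes the redirect endpoint.
SITE_HOST = "homes.example.org"

# Constructed phishing link in the shape the article describes: an email button
# pointing at a trusted site's view-switcher endpoint whose returnUrl carries
# the real destination (here via one extra click-tracking hop).
PHISHING_LINK = (
    "https://homes.example.org/ViewSwitcher/SwitchView?mobile=True&returnUrl="
    "https%3A%2F%2Ftracker.example.net%2Fclick%3Furl%3D"
    "https%3A%2F%2Fpackage-royamail.example%2Fpay"
)


def vulnerable_redirect_target(return_url):
    """The open redirect: whatever the client sends becomes the Location header."""
    return return_url or "/"


def safe_redirect_target(return_url, site_host=SITE_HOST):
    """Hardened version: accept only a path on this site (or an absolute URL
    whose host is exactly ours); everything else falls back to the home page."""
    if not return_url:
        return "/"
    # Decode once so a double-encoded %2F%2Fevil cannot slip past the checks.
    candidate = unquote(return_url)
    # Protocol-relative (//evil) and backslash forms (/\evil) are resolved by
    # browsers as a different host, so reject them outright.
    if candidate.startswith("//") or "\\" in candidate:
        return "/"
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute URL: netloc must match exactly, which also defeats
        # https://ours@evil and javascript: targets.
        if parts.scheme in ("http", "https") and parts.netloc.lower() == site_host:
            return candidate
        return "/"
    if not candidate.startswith("/"):
        return "/"
    return candidate


# Parameter names commonly used as redirect targets (lower-cased for matching).
REDIRECT_PARAMS = ("returnurl", "url", "redirect", "next")


def unwind_redirect_chain(url, param_names=REDIRECT_PARAMS):
    """Follow nested redirect parameters without making any network request and
    return every hop, ending at the page the victim would actually land on."""
    hops = [url]
    seen = set()
    current = url
    while current not in seen:
        seen.add(current)
        query = parse_qs(urlsplit(current).query)
        by_name = {k.lower(): v[0] for k, v in query.items() if v}
        nxt = next((by_name[n] for n in param_names if n in by_name), None)
        if nxt is None:
            break
        hops.append(nxt)
        current = nxt
    return hops


def final_host(url):
    """Host of the last hop: the value a mail filter should score, rather than
    the well-established host of the first hop."""
    return urlsplit(unwind_redirect_chain(url)[-1]).hostname


if __name__ == "__main__":
    for i, hop in enumerate(unwind_redirect_chain(PHISHING_LINK)):
        print(f"hop {i}: {hop}")
    print("final host:", final_host(PHISHING_LINK))
    print("vulnerable:", vulnerable_redirect_target("https://evil.example/"))
    print("hardened:  ", safe_redirect_target("https://evil.example/"))
```

The hardened function does the same job as a same-origin check such as ASP.NET MVC's Url.IsLocalUrl: a bare path on the site passes, while absolute URLs to other hosts, protocol-relative paths, backslash variants, userinfo tricks and non-HTTP schemes all fall back to "/". The chain unwinder is the offline version of what Helme did by hand; a mail gateway that scores the last host in the chain instead of the first sees the lookalike domain rather than the council site's reputation.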