In a recent report from Menlo Security, it was discovered that “Indeed,” a widely recognized global job search platform headquartered in the U.S., boasting over 350 million monthly visitors and a global workforce of more than 14,000 employees, has become the focus of a significant phishing campaign. This campaign underscores the pervasive threat of abusing trust and how actors exploit credible and popular platforms.

Beginning in July 2023, Menlo Security observed adversaries exploiting an open redirection vulnerability within the indeed[.]com website to redirect victims to a phishing page designed explicitly to pilfer Microsoft credentials. The primary targets of these attacks were C-suite executives and other high-ranking personnel in industries such as banking, financial services, insurance, property management, real estate, and manufacturing, with a particular emphasis on the U.S. Menlo Security reported both the open redirection issue and the observed malicious activities to Indeed. However, it remains uncertain whether the job search platform has taken measures to address the issue.

The exploitation of Indeed used in this campaign takes advantage of executives and other senior level staff looking for employment candidates and represents a watering hole style compromise. Watering hole attacks are nearly impossible for an end-user to proactively detect. However, following general cyber hygiene can help mitigate potential fall out after visiting a compromised website. Best practices include keeping all software, including non-security applications, up to date by conducting regular vulnerability scans and applying security patches. Additionally, employing secure web gateways (SWG) can help filter out web-based threats and enforce acceptable use policies. Furthermore, members are encouraged to include reminders of watering hole attacks as part of security awareness and training. Read more at Menlo Security.