Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

Cybersecurity researchers have warned of phishing campaigns that abuse HTTP header refresh entries to deliver spoofed email login pages designed to harvest user credentials. Observed from May to July 2024, the campaigns targeted multinational corporations in South Korea and government agencies and schools in the U.S., with over 2,000 malicious URLs detected. The attackers used sophisticated tactics to evade detection and trick victims, by using legitimate or compromised domains and URL shortening services.