How Threat Actors Exploit Redirect Chains to Bypass Spam Filters

September 25, 2025

The Riddle Technologies platform enabled malicious redirect chains, leading victims through a CAPTCHA to Gmail credential-harvesting pages.

Threat actors leveraged the Riddle Technologies AG platform to obfuscate malicious URLs in email and bypass spam filters. The email template mimicked an encrypted Mimecast message: shconsult.ing/njZs4vtm

All embedded links redirected to an intermediary landing page hosted on Riddle, which in turn pointed to a phishing page hosted under the .sa[.]com TLD, managed by CentralNic Registry: shconsult.ing/81QRbk2w

Victims clicking "sign documents" were routed through a CAPTCHA before reaching a credential-harvesting page impersonating the Gmail login: shconsult.ing/f48zvJb5

The campaign employed redirect chains, abusing legitimate infrastructure to obscure malicious endpoints.

Forensic analysis indicates the spoofed domain has been active for at least 26 days: shconsult.ing/45x9g0c3
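
The following added example (not code from the original post) resolves a redirect chain and scores it by where it ends rather than by the reputation of its first hop, which is the property this campaign relied on. The hostnames, the fetch callback, the small suffix set standing in for the Public Suffix List and the sample responses are all constructed assumptions.

```python
import re
from urllib.parse import urljoin, urlsplit

# Stand-in for the Public Suffix List (assumption); sa.com is a registry-run suffix.
SUFFIXES = {"com", "example", "sa.com"}
NEXT_HOP = re.compile(r'(?:http-equiv="refresh"[^>]*url=|<a[^>]*href=")([^"\s>]+)', re.I)

def registrable(host):
    labels = host.lower().split(".")
    for i in range(len(labels)):          # longest suffix is tried first
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return host.lower()

def resolve(url, fetch, max_hops=8):
    """Follow 3xx Location headers, meta refreshes and the first link on a page."""
    chain, body = [], ""
    while url and url not in chain and len(chain) < max_hops:
        chain.append(url)
        status, location, body = fetch(url)   # fetch is supplied by the caller
        match = NEXT_HOP.search(body)
        nxt = location if 300 <= status < 400 else (match.group(1) if match else None)
        url = urljoin(url, nxt) if nxt else None
    return chain, body

def assess(chain, body, trusted):
    """Score the chain by where it ends, not by the reputation of its first hop."""
    first, last = (registrable(urlsplit(u).hostname or "") for u in (chain[0], chain[-1]))
    findings = []
    if first in trusted and last != first:
        findings.append(f"trusted first hop {first} hands off to {last}")
    if "captcha" in body.lower():         # an automated follower stalls here
        findings.append("chain stops at a CAPTCHA gate")
    if 'type="password"' in body.lower() and "gmail" in body.lower() and last != "google.com":
        findings.append("Gmail-branded password form off google.com")
    return findings

# Constructed responses, not indicators from the campaign: url -> (status, Location, body)
SAMPLE = {
    "https://forms.platform.example/v/1": (200, None, '<a href="https://placeholder.sa.com/doc">sign documents</a>'),
    "https://placeholder.sa.com/doc": (302, "/verify", ""),
    "https://placeholder.sa.com/verify": (200, None, '<div class="captcha-widget"></div>'),
    "https://placeholder.sa.com/login": (200, None, '<h1>Gmail</h1><input type="password">'),
}

if __name__ == "__main__":
    chain, body = resolve("https://forms.platform.example/v/1", SAMPLE.__getitem__)
    print(chain, assess(chain, body, trusted={"platform.example"}))
```

Because an automated follower cannot pass the CAPTCHA, the verdict is built from the hand-off and the gate themselves, without needing to see the final login page.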
