Attackers are exploiting open redirects to distribute links to credential-harvesting sites, according to Roger Kay at INKY. The attackers are exploiting vulnerable American Express and Snapchat domains to launch the attacks. American Express has since fixed the vulnerability, but Snapchat’s domain remains unpatched.