- Quantum Route Redirect automates phishing, spoofing, and bypassing email security tools
- Detects bots versus humans and redirects real users to credential theft pages.
- More than 1000 domains host it; 76% of victims are in the US, according to KnowBe4
A new phishing platform called “Quantum Route Redirect” is making targeting Microsoft 365 users around the world dramatically simpler, experts at KnowBe4 have warned.
In their report, the researchers said Quantum Route Redirect can automate phishing campaigns that previously required significant technical skills.
It allows attackers to launch large-scale credential theft operations, while spoofing large companies like DocuSign, or sending fake payroll, pay advices, and voicemail alerts. QR code-based “quishing” attacks are also available on the platform.
Targeting the US
One of the key advantages of Quantum Route Redirect is its ability to automatically detect whether a visitor is a robot or a human.
When security tools such as email scanners click on the links, they are redirected to safe, legitimate websites, making the phishing email appear harmless. However, real users are silently redirected to credential harvesting pages.
This automation helps hackers bypass layers of defense, such as Microsoft Exchange Online Protection, secure email gateways, and even integrated cloud email security solutions.
The platform also comes with a dashboard to manage redirects, monitor victim traffic, and view analytics. It includes features like browser fingerprinting, VPN/proxy detection, and real-time statistics, effectively lowering the barrier to entry for cybercriminals.
KnowBe4 researchers have identified approximately 1,000 domains currently hosting the tool, warning that it is spreading like wildfire and that attacks leveraging it have compromised victims in 90 countries, with the United States accounting for 76% of affected users.
Experts warn that Quantum Route Redirect “democratizes” phishing by removing technical complexity and could mark a new era of accessible cybercrime. To defend against this, organizations are urged to combine advanced email security tools with user awareness training, sandboxing, and rapid response procedures in the event of credential compromise.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
