- Quantum Route Redirect automates phishing, brand impersonation and bypassing email security tools
- It detects bots versus humans, redirecting real users to credential-stealing pages.
- More than 1,000 domains host it; 76% of victims are in the United States, according to KnowBe4
A new phishing platform called “Quantum Route Redirect” is making it much easier to target Microsoft 365 users around the world, KnowBe4 experts have warned.
In their report, the researchers claim that Quantum Route Redirect can automate phishing campaigns that previously required significant technical skills.
It allows attackers to launch large-scale credential theft operations while impersonating large companies such as DocuSign, or to send fake payroll, payment notices, and voicemail alerts. Quishing attacks based on QR codes are also available on the platform.
Target the United States
One of the main advantages of Quantum Route Redirect is its ability to automatically detect whether a visitor is a robot or a human.
When security tools such as email scanners click on the links, they are redirected to safe and legitimate websites, making the phishing email appear harmless. Real users, however, are silently redirected to credential collection pages.
This automation helps hackers bypass layers of defense like Microsoft Exchange Online Protection, secure email gateways, and even built-in cloud email security solutions.
The platform also comes with a dashboard to manage redirects, monitor victim traffic, and view analytics. It includes features such as browser fingerprinting, VPN/proxy detection, and real-time statistics, effectively lowering the barrier to entry for cybercriminals.
KnowBe4 researchers have identified around 1,000 domains currently hosting the tool, warning that it is spreading like wildfire, and that attacks exploiting it have compromised victims in 90 countries, with the United States accounting for 76% of affected users.
Experts warn that Quantum Route Redirect “democratizes” phishing by removing technical complexity and could mark a new era of accessible cybercrime. To defend against this, organizations are encouraged to combine advanced email security tools with user awareness training, sandboxing, and rapid response procedures in the event of credential compromise.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
