Palo Alto’s Unit 42 threat intel team wants to draw the security industry’s attention to an increasingly common tactic used by phishers to harvest victims’ credentials. The infocseccers say they’d spotted miscreants abusing refresh entries in HTTP headers to the tune of circa 2,000 large-scale phishing campaigns between May and July this year, although the practice has been observed throughout the year.

Source: The Register