Widespread credential phishing campaign abuses open redirector links