Bethany is an attacker who sends emails containing a rewrite link to trick victims into disclosing passwords. What is the name of this method?

Prepare for the EC-Council Certified Incident Handler Test with an interactive quiz. Study with flashcards, MCQs, hints, and explanations. Ace your test!

The method described in the scenario is known as an unvalidated redirect. This technique involves an attacker using deceptive emails that contain a link leading to a malicious site designed to capture sensitive information, such as passwords.

The term "unvalidated" implies that the application allows for the use of redirects to external or untrusted sites without proper checks or validations. This vulnerability can be exploited by attackers like Bethany to manipulate users into believing they are being redirected to a legitimate site, thereby tricking them into providing their credentials.

In contrast, validated redirects would include mechanisms to confirm the legitimacy of the destination URL before allowing a redirect. This means legitimate applications would verify that the redirect links only lead to safe, known, and trusted domains before proceeding. The distinction is crucial for preventing social engineering attacks that result from unvalidated redirects, which are a common vector for phishing attempts.
