Attackers abuse open redirect vulnerabilities to make malicious links appear trustworthy. These links begin with a legitimate domain, but when clicked, they send you to a completely different site—often one used for phishing or malware delivery.
It often begins with a link like “trusted-company[.]com/redirect?url=malicious-site[.]com” to bypass filters and build false confidence. Since the domain looks familiar, you’re more likely to trust it and click through. Behind the scenes, you’re immediately redirected to an attacker-controlled page.
This tactic works because many users and security tools only check the start of a URL. It’s frequently used in credential phishing and malware campaigns, especially when combined with realistic branding that makes the message feel like it came from a legitimate source.