URL Redirection Attack - what it is, warning signs, and how to avoid malicious jumps

URL Redirection Attack

What it is

A URL redirection attack tricks your browser into leaving a real site and loading a fake one. The attacker slips a redirect into a link or page (or abuses a site’s “open redirect” bug), so when you click, you’re quietly sent to a malicious page that can steal logins or push malware.

Why it matters

You think you’re on a trusted site, but the final page is a look-alike built to grab passwords, card details, or install unwanted software.

How it works 

  • Poisoned link: an email/DM/ad includes a legit-looking link that contains a redirect parameter.

  • Open redirect: the real site accepts a ?next= or ?redirect= value and forwards you to whatever address it holds, without checking where that is.

  • Bounce: your browser follows the chain to a phishing or malware site.

  • Take: the fake page asks you to log in, pay, or download something.

Red flags

  • Links with long tails like ?redirect= or ?next= pointing to a different domain.

  • You see a flash of one site, then land on another.

  • The address bar doesn’t match the brand you expected.

  • Login pages asking for extra info (full card details, recovery codes).
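
The first red flag can be checked mechanically before a link is opened. The Python below is an added example, not part of the original article: it pulls redirect-style parameters out of a link and reports any whose target host differs from the link's own host. The function names, the parameter names beyond redirect and next, and the sample links (shop.example, evil.example) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# "redirect" and "next" come from the article; the other names are
# assumptions added for this example.
REDIRECT_PARAMS = {"redirect", "next", "url", "return", "returnto",
                   "redirect_uri", "continue", "dest"}

def target_host(value):
    """Host a redirect value points to, or None if it is a same-site path."""
    # Browsers treat "\" like "/", so normalise before parsing.
    value = value.strip().replace("\\", "/")
    if value.startswith("//"):          # scheme-relative: still leaves the site
        value = "https:" + value
    host = urlsplit(value).hostname     # ignores any user@ prefix and port
    return host.lower() if host else None

def find_offsite_redirects(link):
    """Return (parameter, host) pairs where a redirect parameter leaves the site."""
    parts = urlsplit(link)
    site = (parts.hostname or "").lower()
    findings = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() not in REDIRECT_PARAMS:
            continue
        for _ in range(3):              # undo values that were encoded more than once
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        host = target_host(value)
        # Simplification: exact host or a subdomain counts as the same site.
        # A production check would compare registrable domains instead.
        if host and host != site and not host.endswith("." + site):
            findings.append((name, host))
    return findings

if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://shop.example/login?next=/account",
        "https://shop.example/login?next=https%3A%2F%2Fevil.example%2Flogin",
        "https://shop.example/out?redirect=%2F%2Fevil.example",
    ]
    for link in samples:
        hits = find_offsite_redirects(link)
        print("SUSPICIOUS" if hits else "ok", link, hits)
```

An empty result only means no off-site redirect parameter was found in the link itself; the page you land on still needs the address-bar check described in the list above.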

Do it right

  • Don’t log in through links in emails or texts; open the site from your bookmarks or type it yourself.

  • Before clicking, hover to preview the real destination; check the domain after the page loads.

  • If a site bounces you somewhere unexpected, close the tab and try again from a clean, known link.

  • Use a password manager - it won’t autofill on the wrong domain.

  • Keep your browser and security software updated to block known bad sites.
