The Risk of Redirector Domains in Phishing Attacks
Researchers at GreatHorn warn that a large-scale phishing campaign is using open redirects to evade email security filters. Open redirects allow attackers to take a URL from a non-malicious website and tack on a redirect, so that when the link is clicked it will take the user to a phishing page. This results in a phishing link that can fool both humans and technology. A human may inspect the URL and conclude that it will take them to a legitimate site, while security filters will struggle to flag the link as malicious.