Tags: incident, medium, Open Redirect Abuse, Phishing, Social Engineering

Apr 06, 2026 • SANS Internet Storm Center

How often are redirects used in phishing in 2026?, (Mon, Apr 6th)

Source: SANS Internet Storm Center
Category: incident
Severity: medium

Executive Summary

This article analyzes the prevalence of open redirects being exploited in phishing campaigns. Open redirects are web vulnerabilities that allow attackers to manipulate URLs to redirect users from legitimate websites to malicious destinations. Threat actors actively search for and exploit these vulnerabilities to lend credibility to phishing lures, making them harder to detect since the initial URL appears trustworthy. The abuse of open redirects significantly increases phishing campaign effectiveness by bypassing user suspicion. Mitigation strategies include implementing strict URL validation, restricting redirect parameters, and employing URL reputation services to detect and block malicious redirect chains before users are redirected to phishing pages.
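
An added example, not taken from the SANS diary or from BrewedIntel: one way to apply the strict URL validation mentioned above to a redirect parameter, in Python. The allowlist, fallback path and function name are assumptions, and the sample inputs are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the only hosts this hypothetical application may redirect to.
ALLOWED_HOSTS = {"www.example.com", "accounts.example.com"}
FALLBACK = "/"  # assumption: safe landing page when the target is rejected


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return raw if it is an acceptable redirect target, else fallback."""
    if not raw or len(raw) > 2048:
        return fallback
    # Browsers normalise backslashes and drop control characters, so
    # "/\host" can behave like "//host"; reject instead of guessing.
    if "\\" in raw or any(ord(c) < 0x21 or ord(c) == 0x7F for c in raw):
        return fallback
    try:
        parts = urlsplit(raw)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return fallback
    if not parts.scheme and not parts.netloc:
        # Same-site reference: accept only a single-slash absolute path.
        ok = raw.startswith("/") and not raw.startswith("//")
        return raw if ok else fallback
    if parts.scheme != "https" or port not in (None, 443):
        return fallback
    # "https://trusted@other-host/" puts the trusted name in userinfo.
    if parts.username is not None or parts.password is not None:
        return fallback
    # Exact host match only: no suffix, prefix or substring comparison.
    host = (parts.hostname or "").lower()
    return raw if host in allowed_hosts else fallback


if __name__ == "__main__":
    # Constructed sample values for a redirect parameter.
    samples = [
        "/account/settings?tab=1",
        "https://www.example.com/welcome",
        "//phish.test/login",
        "https://www.example.com@phish.test/",
        "https://www.example.com.phish.test/",
        "/\\phish.test",
        "http://www.example.com/",
    ]
    for s in samples:
        print(f"{s!r:45} -> {safe_redirect_target(s)!r}")
```

Rejected targets fall back to a fixed local path rather than returning an error page that echoes the supplied URL.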

Summary

In one of his recent diaries, Johannes discussed how open redirects are actively being sought out by threat actors[1], which made me wonder about how commonly these mechanisms are actually misused…
