How can redirection attacks mask lookalike domains?
Redirection chains hide final destinations. Attackers link to legitimate-looking URLs that redirect through multiple hops to malicious endpoints. Initial links may pass reputation checks while final destinations don't.
Techniques: using legitimate URL shorteners, compromised websites as redirectors, and cloud service URLs that redirect to **phishing**. Each hop obscures the attack chain.
Defense includes: URL scanning that follows redirects, time-of-click checking (analyzing destination when clicked, not when received), and blocking known redirect abuse patterns. Education helps users recognize unexpected redirections.
Was this answer helpful?
Thanks for your feedback!