What is URL obfuscation?

URL obfuscation disguises link destinations to evade detection and deceive users. Techniques include: URL shorteners hiding actual destinations, encoded characters masking domains, and redirect chains obscuring final targets.

Common techniques: using bit.ly or similar shorteners, percent-encoding characters (%20 for space), embedding credentials in URLs (user@legitimate.com@malicious.com), subdomain tricks (legitimate.com.malicious.com), and multiple redirects.

Defense includes: expanding shortened URLs before clicking, hovering to preview actual destinations, being suspicious of complex URLs, and using security tools that analyze redirect chains. Education helps users recognize obfuscation attempts.