What is an open redirect?
An open redirect is a flaw where a website takes a destination address from user-controlled input (usually a query parameter such as next or url) and sends the visitor there without checking it. An attacker can therefore craft a link that starts on a trusted website but delivers the user to an untrusted or malicious site.
Simple example
A link starts with the real company domain (for example a login page), but a redirect parameter in the link sends the user on to a fake login page on the attacker's domain. Anyone who checks only the first part of the address sees the company name and trusts it.
Why it matters
Open redirects are often used to make phishing links look more trustworthy: the link users see, and the domain that email filters and link scanners inspect, is the genuine one, while the final page is controlled by the attacker.
Common warning signs
- Links to the company domain contain a redirect parameter (next, url, return, continue) whose value points at an external host.
- Users or customers report phishing emails whose links begin with the company domain.
- Redirect endpoints show unusual request volumes, many distinct external destinations, or referers from webmail and messaging services.
- Login, logout, single sign-on, or marketing links accept a redirect destination without validation.
- Staff are unsure whether a link that starts with the company domain is genuine.
Cyber Doc view
This term should be understood in business context, not only as a technical issue. Good protection usually combines clear processes, appropriate technical controls, staff awareness, and a calm response plan.
What to do
Proactive steps
- Avoid accepting arbitrary redirect destinations; prefer a relative path or a short key that the server maps to a fixed URL.
- Use allowlists for approved redirect targets, and compare the exact hostname rather than checking whether the string contains or starts with your domain.
- Show a warning or interstitial page before leaving the site where appropriate.
- Test login, logout, single sign-on and marketing redirect links with tricks such as //evil.example, backslashes, user@ prefixes, and encoded characters.
- Monitor for abuse of redirect parameters, for example by logging and reviewing the destinations users are sent to.
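The proactive steps above as working code. This is an added example, not code from the original page: a redirect handler written the way the bug usually appears, beside a hardened version that only follows local paths or absolute URLs to an allowlisted host. The TRUSTED_HOSTS set, the next parameter name and the example hostnames are assumptions for illustration.

```python
"""Added example, not code from the original page: a redirect handler written
the way the bug usually appears, beside a hardened version that only follows
local paths or absolute URLs to an allowlisted host. TRUSTED_HOSTS, the `next`
parameter name and the example hostnames are assumptions for illustration."""
from urllib.parse import urlsplit, urlunsplit

# Assumed allowlist: hosts this application is willing to send users to.
TRUSTED_HOSTS = {"app.example.com", "docs.example.com"}
DEFAULT_TARGET = "/"


def vulnerable_redirect_target(raw_next: str) -> str:
    """The open redirect: wherever the `next` parameter points is where the user goes.
    https://app.example.com/login?next=https://evil.example/signin therefore lands
    on the attacker's page after a first hop through a trusted domain."""
    return raw_next


def safe_redirect_target(raw_next, trusted_hosts=TRUSTED_HOSTS, default=DEFAULT_TARGET):
    """Return a destination that is either a local absolute path or an https URL
    to an allowlisted host. Anything else falls back to `default`."""
    if not raw_next:
        return default
    # Drop control characters (a tab or newline inside "javascript:" defeats naive
    # string checks) and surrounding whitespace before parsing.
    candidate = "".join(ch for ch in raw_next if ch.isprintable()).strip()
    # Browsers treat a backslash like a forward slash in URLs, so "/\evil.example"
    # is really "//evil.example". Normalise so the parser sees what the browser sees.
    candidate = candidate.replace("\\", "/")
    try:
        parts = urlsplit(candidate)
        host = (parts.hostname or "").lower()
        port = parts.port
    except ValueError:
        return default

    if parts.netloc or parts.scheme:
        # Absolute or scheme-relative URL: the scheme must be http(s) and the
        # exact hostname must be allowlisted. Comparing the parsed hostname rather
        # than the raw string defeats "app.example.com@evil.example" (userinfo)
        # and "app.example.com.evil.example" (lookalike subdomain) tricks.
        if parts.scheme not in ("", "http", "https") or host not in trusted_hosts:
            return default
        # Rebuild the URL from the checked pieces: drop any userinfo, force https.
        netloc = host if port is None else f"{host}:{port}"
        return urlunsplit(("https", netloc, parts.path or "/", parts.query, parts.fragment))

    # No scheme and no host left: accept only a path on our own origin that
    # starts with "/". A "//" prefix was already parsed as a network path above.
    if candidate.startswith("/"):
        return candidate
    return default


def demo():
    """Run a set of constructed attacker inputs through both handlers."""
    cases = [
        "/account",
        "//evil.example/signin",
        "/\\evil.example/signin",
        "https://app.example.com@evil.example/",
        "https://app.example.com.evil.example/",
        "https://docs.example.com/guide",
        "java\tscript:alert(1)",
    ]
    return {c: (vulnerable_redirect_target(c), safe_redirect_target(c)) for c in cases}


if __name__ == "__main__":
    for raw, (bad, good) in demo().items():
        print(f"{raw!r:45} vulnerable -> {bad!r:45} hardened -> {good!r}")
```

The hardened function rebuilds the URL from the parsed, checked pieces instead of returning the raw string, so whatever the parser discarded (userinfo, an odd scheme) cannot come back in the Location header. Exact hostname comparison is the important part: a startswith or "contains our domain" check is what the lookalike and userinfo payloads in demo() are designed to slip past.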
Reactive steps
- Disable the vulnerable redirect if it is being abused, for example by making it fall back to the home page until validation is fixed.
- Review logs to understand where users were redirected, which clients followed those links, and where the traffic came from.
- Patch the redirect validation so that only local paths or allowlisted hosts are accepted.
- Warn affected users if phishing abuse is likely, and advise them to reset credentials entered on the fake page.
- Search for similar redirect patterns elsewhere in the application and in any shared libraries.
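The log review step above, as an added example that is not part of the original page: a small triage script run over constructed access log lines. It extracts the common redirect parameters from each request, works out which host the browser would have been sent to, and reports the off-site destinations and the clients that followed them. The log format, parameter names, hostnames and addresses are assumptions for illustration.

```python
"""Added example, not code from the original page: triage constructed access
log lines to find where a redirect parameter actually sent users. The log
format, parameter names, hostnames and addresses are assumptions."""
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

# Hosts we consider our own (assumed). Anything else is an external destination.
OUR_HOSTS = {"app.example.com", "docs.example.com"}
# Query parameter names that commonly carry a redirect destination (assumed list).
REDIRECT_PARAMS = {"next", "url", "redirect", "redirect_uri", "return", "returnurl", "continue", "goto"}

# Constructed sample lines: client, timestamp, request line, status, referer.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2024:09:14:02 +0000] "GET /login?next=/account HTTP/1.1" 302 "-"
198.51.100.7 - - [12/Mar/2024:09:14:09 +0000] "GET /login?next=https://evil.example/signin HTTP/1.1" 302 "https://webmail.example.net/"
198.51.100.7 - - [12/Mar/2024:09:15:41 +0000] "GET /login?next=//evil.example/signin HTTP/1.1" 302 "-"
203.0.113.22 - - [12/Mar/2024:09:16:03 +0000] "GET /login?next=https://docs.example.com/guide HTTP/1.1" 302 "-"
192.0.2.5 - - [12/Mar/2024:09:17:30 +0000] "GET /out?url=https%3A%2F%2Fevil.example%2Fsignin HTTP/1.1" 302 "-"
192.0.2.9 - - [12/Mar/2024:09:18:00 +0000] "GET /static/app.js HTTP/1.1" 200 "-"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) "(?P<referer>[^"]*)"'
)


def destination_host(value):
    """Host a browser would end up on for a redirect value, or None for a local path.
    Decodes once more and normalises backslashes so double-encoded or "/\\" tricks
    show up as the external host they really are."""
    value = unquote(value).replace("\\", "/")
    parts = urlsplit(value)
    if parts.netloc:
        return (parts.hostname or "").lower()
    if parts.scheme:  # e.g. javascript: or data:, not a host but not local either
        return parts.scheme + ":"
    return None


def find_external_redirects(log_text):
    """Return one record per request whose redirect parameter pointed off-site."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        for name, values in parse_qs(query, keep_blank_values=True).items():
            if name.lower() not in REDIRECT_PARAMS:
                continue
            for value in values:
                host = destination_host(value)
                if host is not None and host not in OUR_HOSTS:
                    events.append({"ip": m.group("ip"), "time": m.group("ts"), "param": name,
                                   "destination": host, "status": m.group("status"),
                                   "referer": m.group("referer")})
    return events


def external_destination_counts(log_text):
    """Count how many requests were redirected to each external host."""
    return Counter(e["destination"] for e in find_external_redirects(log_text))


def affected_clients(log_text):
    """Client addresses that followed an off-site redirect (candidates for a warning)."""
    return {e["ip"] for e in find_external_redirects(log_text)}


if __name__ == "__main__":
    for e in find_external_redirects(SAMPLE_LOG):
        print(f'{e["time"]} {e["ip"]:15} {e["param"]} -> {e["destination"]} (referer {e["referer"]})')
    print(external_destination_counts(SAMPLE_LOG))
```

On the constructed sample the script reports three requests sent to evil.example from two client addresses; the request to docs.example.com and the plain /account path are correctly left out. A referer from a webmail service on one of the hits is the kind of detail that supports the phishing hypothesis and helps decide whether affected users should be warned.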
Related terms
- Phishing
- Web application security
- Input validation