How Open Redirect Can Cause Your Clients to Lose Money

5/22/2025 1092 views

I started looking into this after seeing a LinkedIn post by Jérôme Segura, a respected cybersecurity researcher.

Screenshot from the original post.

What caught my attention was how a seemingly legitimate ad could be used to trick users through an open redirect — a common but often underestimated vulnerability.

Take a look at this screenshot:

Here’s what’s going on:

  • (Red box) The ad appears to come from a trusted source — www.bit.ly — and is marked as "Sponsored".
  • (Green box) The description mentions a cybersecurity offering and includes a link to a malicious domain, in this case maydaysec.io.

However, the Final URL behind the ad is a malicious link: malicious.com. When a user clicks the ad, they are redirected to the malicious site without any verification or warning.

This is where open redirects become a real problem.

Example of an Open Redirect Exploit

Here’s a simplified flow of how attackers take advantage of an open redirect on a legitimate domain:

🔗 Example Flow:

1. Vulnerable Domain
A legitimate site like bank.com has an open redirect endpoint, e.g.:
https://bank.com/redirect?url=https://malicious.site/login

2. Abuse Begins
The attacker creates an ad using the open redirect:
https://bank.com/redirect?url=https://malicious.site/login

3. Meta Cloaking
On malicious.site, the attacker configures the metadata (title, description, favicon) to mimic bank.com.

4. Ad Campaign or Phishing Email
The attacker embeds the link in ads. It looks like it leads to bank.com, and even loads a preview that matches.

5. Redirection Rules
On malicious.site, the attacker can further redirect the user to:

  • A fake login page
  • A malware payload
  • A crypto scam

🧭 Flowchart: Open Redirect Exploitation

User Sees Trusted Domain in Link or Ad (e.g., bank.com) --> Link Points to bank.com/redirect --> bank.com Redirects to malicious.site --> malicious.site Loads Bank-like Metadata / Loads a Phishing Page --> User Enters Credentials / Downloads Malware
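The fix belongs on the legitimate domain's redirect endpoint: it must never echo the `url` parameter back as the Location header. As an added example that is not from the original post, here is the open redirect from step 1 beside a hardened handler; bank.com, malicious.site and the `url` parameter follow the page's example, while the function names and `SITE_ORIGIN` are my own assumptions.

```python
from urllib.parse import urlsplit, urljoin

# Constructed for this example: the legitimate site's own origin (the page's bank.com).
SITE_ORIGIN = "https://bank.com"


def vulnerable_redirect_target(url_param: str) -> str:
    """The open redirect described on the page: whatever ?url= contains is
    returned verbatim as the redirect target, so any external site works."""
    return url_param


def safe_redirect_target(url_param: str, default: str = "/") -> str:
    """Accept only same-origin targets; anything else falls back to `default`.

    Cases covered beyond a plain external URL:
      - protocol-relative '//malicious.site' (no scheme, but it has a host)
      - backslash variants '/\\malicious.site' that browsers turn into '//'
      - other schemes such as javascript: or data:
      - lookalike hosts such as bank.com.evil.example
      - userinfo tricks such as https://bank.com@evil.example
    """
    if not url_param:
        return default
    # Browsers treat backslashes as forward slashes; normalise before parsing.
    candidate = url_param.replace("\\", "/")
    # Resolve relative targets against our own origin so '/account' stays local.
    parts = urlsplit(urljoin(SITE_ORIGIN + "/", candidate))
    site = urlsplit(SITE_ORIGIN)
    if parts.scheme != site.scheme:
        return default
    # .hostname is lower-cased and excludes userinfo and port.
    if (parts.hostname or "") != site.hostname:
        return default
    # Rebuild only path and query: the raw input (and any userinfo) never reaches Location.
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    return target
```

The same check applies whether the endpoint is a login return URL, a tracking link, or an ad landing page; the detection-side counterpart is to alert on `redirect?url=` requests whose target host is not your own.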
