Skip to content

Fake URLs & Unexpected Redirects

Many direct cyber-attacks begin with a fake URL being clicked – they can lead to immediate malware downloads, malicious redirects designed to infect your machine, or redirects hoping to trick you into sharing valuable information with a fake website. Here are some tips that can help you avoid becoming a victim of fake URLs and unexpected redirects.

Be aware of malicious redirects specifically targeted at mobile devices.

“One technique attackers use is to use a very long URL as people open on their phone and even if they try to expand it, they won’t expand whole thing and click on it anyway.” Javvad Malik, KnowBe4

Don’t be so eager to open or expand URLs that are linked to you, even if they are linked through messaging apps that you use often. Checking your application manager for unfamiliar or unnamed apps is a good idea, especially if you’re experiencing some unexplained issues with mobile app behavior.

Remember that data breaches happen all the time.

When a company that owns an app or website has a data breach, they don’t always come clean right away; this means your data could be compromised for months, maybe even years, before you become aware of it. All the while, you could be using the compromised website or app, completely unaware that your login information has been bought and sold on the internet several times already. This means you are constantly a target for malicious redirects and fake URLs, even if your behavior on the internet is relatively safe.

Double check contact information fields in emails to ensure they aren’t coming from fake URLs.

Be sure to double-check the information of the person sending you an attachment or link for things like misspellings and unexpected additions to URLs. For example, if you’re expecting a reply from, be on the lookout for emails containing,,, etc.

Even if the URL looks safe, it could include homographic “tricks”, replacing a letter in the familiar URL with a letter in a different language that looks the same, or extremely similar. For example, gᴑᴑ looks a lot like a very familiar URL at first – but look closer. The double letter “o” in google is actually two Latin “ᴑ” characters (U+1D11), instead of two lowercase letter “o”.

OCTOBER 9, 2021
Authored here @ hello internet.