Open Redirects are a great thing for attackers: users click on a trustworthy-looking link and think nothing of it. Why should they? They have learned in various repetitive trainings to look for the little lock icon in the URL bar of the browser and to check everything down to the domain extension before clicking on a link (modern browsers even highlight the important part). The boatload of cryptic parameters afterwards won’t bother us any more — we are used to this by now. So why make a f...
