
Redirect chains and link safety: how to investigate without clicking blindly


A redirect chain is simply a sequence of URLs that forward you to a final destination. It’s also a common technique for hiding malicious endpoints behind seemingly harmless links.

Your goal isn’t to “never click links.” Your goal is to learn the destination domain and context before you do anything sensitive (logins, downloads, payments). Redirect awareness is a practical skill, not paranoia.

What to look for

  • How many hops? Long chains often indicate tracking or obfuscation.
  • Does the domain change in surprising ways?
  • Do you end on a login prompt you didn’t initiate?
  • Do you end on an unexpected download?

Common redirect patterns (benign vs risky)

  • Benign: a single hop from http → https on the same domain.
  • Benign: a known link shortener that resolves to an official company domain.
  • Risky: multiple hops across unrelated domains, especially with random subdomains.
  • Risky: “login” pages on a domain you don’t recognize, or a domain that looks like a typo of a real brand.
  • Risky: redirects that add suspicious query parameters (tracking is normal; credential prompts are not).

Safe workflow

  • Expand short links and record the final destination domain.
  • If the final destination is sensitive (auth/payment), stop and use an official route instead.
  • Treat “newly registered” or odd-looking domains as higher risk.
  • If you must proceed, do it in a hardened environment and avoid entering credentials.
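
The checks above can be applied to a chain you have already recorded (from a URL expander or proxy log) without visiting anything. The following is an added example, not code from this site; the domains, the hop threshold, the keyword lists and the 0.8 similarity cutoff are all assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

LOGIN_HINTS = ("login", "signin", "sign-in", "password", "mfa", "verify")
DOWNLOAD_EXTS = (".exe", ".msi", ".zip", ".iso", ".scr", ".dmg", ".js")
MAX_HOPS = 3  # assumed threshold for a "long" chain


def site(url):
    """Naive registrable domain: last two host labels.
    Assumption for the sample data; use the Public Suffix List in practice."""
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def review_chain(chain, expected_site=None):
    """Return findings for a recorded redirect chain (first URL to last)."""
    findings, hosts = [], [site(u) for u in chain]
    if len(chain) - 1 > MAX_HOPS:
        findings.append(f"long chain: {len(chain) - 1} hops")
    # Collapse consecutive hops on one site so http -> https counts once.
    sites = [s for i, s in enumerate(hosts) if i == 0 or s != hosts[i - 1]]
    if len(sites) > 2:
        findings.append("crosses unrelated domains: " + " -> ".join(sites))
    final_site, path = sites[-1], urlsplit(chain[-1]).path.lower()
    if expected_site and final_site != expected_site:
        close = SequenceMatcher(None, final_site, expected_site).ratio() >= 0.8
        findings.append(("lookalike of " if close else "not ") + f"{expected_site}: {final_site}")
    if any(h in path for h in LOGIN_HINTS) and final_site != expected_site:
        findings.append("login page outside the expected domain")
    if path.endswith(DOWNLOAD_EXTS):
        findings.append("ends on a download: " + path.rsplit("/", 1)[-1])
    return findings


# Constructed sample chains (reserved .example domains, not real observations).
BENIGN = ["http://brand.example/promo", "https://brand.example/promo"]
SHORTENER = ["https://go.short.example/a1", "https://www.brand.example/offers"]
RISKY = ["https://go.short.example/x9", "http://k3j2.tracker.example/r?id=1",
         "https://cdn.hop.example/out", "https://a8f.relay.example/go",
         "https://brannd.example/login"]
DOWNLOAD = ["https://mail.example/l?u=1", "https://files.drop.example/invoice.zip"]

if __name__ == "__main__":
    for name, chain in [("benign", BENIGN), ("shortener", SHORTENER), ("risky", RISKY)]:
        print(name, review_chain(chain, "brand.example"))
    print("download", review_chain(DOWNLOAD))
```

An empty result means none of these heuristics fired, not that the link is safe; sensitive destinations still belong on the official route.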

When to stop and switch to an official route

Stop signs
  • A login page you didn’t request, especially from email/DM links.
  • A download prompt for an “update”, “invoice”, or “scanner.”
  • A domain that is close to a real brand but not exact (lookalikes/typos).
  • Anything asking for MFA codes or password resets from an untrusted flow.

Best practice for teams

Create a habit: never authenticate via a link you didn’t request. Use bookmarks or manually type the official domain for high-stakes flows.
