Spammers and Phishers Getting Help from LinkedIn
Redirection is when you click on a link and it takes you to a different web site. This can be very useful and proper when done correctly. An open redirect is when a web site will forward visitors to any destination handed to it in the link, with no restriction on where that destination may be, so anyone can use that site as part of their own redirect. This is a dangerous practice that aids spammers, phishers, and other malevolent folks.
Here’s an example. If you go to http://www.esetonlinescanner.com/ it will redirect you to http://www.eset.eu/online-scanner. This means ESET doesn’t have to maintain separate websites for the same content. Now, if you click on www.linkedin.com/redirect?url=http://www.nasdaq.com/ it will take you to www.nasdaq.com and not LinkedIn: the destination is whatever the url parameter says it is.
Open redirects are a very common tactic for fooling spam filters, which see a link to a trusted site, and for fooling people who believe they are going to that trusted site and don’t realize a redirect to somewhere else is in progress. Web sites should not be configured to allow open redirects.
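As an added illustration that is not part of the original post, here is the kind of check a web site can put in front of its redirect handler so that it stops being an open redirect: the weak version trusts the url parameter outright (the pattern the LinkedIn link above shows), the hardened version only forwards to the site’s own pages or to hosts on an allowlist. The site name and allowlist are assumptions.

```python
from urllib.parse import urlsplit, urljoin

# Hypothetical allowlist: the only hosts this site is willing to forward to.
ALLOWED_HOSTS = {"www.example.com", "example.com"}
SITE_HOST = "www.example.com"   # assumed name of the site doing the redirecting
DEFAULT_TARGET = "/"            # where rejected requests land instead


def open_redirect_target(url: str) -> str:
    """Weak version: whatever is in the url parameter becomes the destination,
    so any phishing or spam page can be reached through this site."""
    return url


def safe_redirect_target(url: str) -> str:
    """Hardened version: resolve the requested target against the site itself
    and accept it only if it stays on an allowlisted host."""
    if not url:
        return DEFAULT_TARGET
    # Some browsers treat backslashes as slashes, so "/\evil.example" would be
    # parsed here as a local path but fetched as a foreign host. Normalise first.
    candidate = url.replace("\\", "/")
    # Resolving relative to the site turns scheme-relative forms such as
    # "//evil.example/" into full URLs whose host the check below can see.
    resolved = urljoin(f"https://{SITE_HOST}/", candidate)
    parts = urlsplit(resolved)
    if parts.scheme not in ("http", "https"):
        return DEFAULT_TARGET          # javascript:, data:, and friends
    # hostname drops any userinfo, so "https://www.example.com@evil.example/"
    # is judged by its real host, evil.example.
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return DEFAULT_TARGET
    return resolved


if __name__ == "__main__":
    for requested in ("/account", "http://www.nasdaq.com/", "//evil.example/"):
        print(f"{requested!r:40} -> {safe_redirect_target(requested)}")
```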
You might want to write to LinkedIn and ask them why they are helping the bad guys. Multiple security professionals have already contacted them about this practice.
Randy Abrams is the Director of Technical Education for ESET LLC