Many web applications make redirections based on parameters that users can easily control, like GET parameters. When the application fails to properly check and filter these inputs, they can be vulnerable to Open Redirect where attacker can redirect users to a malicious website. Open Redirect vulnerabilities are exploited in phishing attacks to redirect users from a trusted website to an attacker-controlled one. In well executed attacks, most of the users would not notice it without carefully looking at the URL to see the difference.