I came across this article today [1] where a popular journalist in India was tricked to think they had a job offer at a prominent University by an elaborate phishing scam.<p>After this I started thinking about the security of modern day domain redirects in the context of phishing. One could register thexyz.edu or something similar that's close enough to xyz.edu for phishing and then directly domain redirect.<p>The commoner, who may have the basic instinct to verify the source of the email might just try to look up the domain from which the email was sent but if that redirects to the real domain they maybe convinced that it's the actual one.<p>Are there any mechanisms to prevent this kind of malicious domain redirect that can be misused? What are your thoughts on this from the security perspective of the larger crowded who may not be well versed with technology?<p>[1] https://twitter.com/Nidhi/status/1350024214997155840?s=20