What is the purpose of confusing HTML links in spam emails?

Email marketer from Mailjet shares that confusing HTML links are used to obfuscate the actual destination URL from users and spam filters. This makes it harder to identify the link as malicious. They often use redirects or URL shorteners to achieve this.

Email marketer from Norton explains that the reason that spam emails use cloaking and redirects is to hide where you are actually going, and to get around spam filters. The email will still look like a legitimate link that you trust.

Email marketer from Neil Patel Digital explains that spammers use URL shorteners and redirects to hide the true destination of the link. This makes it difficult for recipients to know where they are going when they click on a link, and it also makes it more difficult for spam filters to identify malicious links.

Email marketer from Reddit user u/ScamBuster explains that deceptive links are made to look legitimate by using trusted brands, using redirects, or even using unicode domains. This will trick a user into clicking, especially on mobile where the user can't hover over the link.

Email marketer from Reddit user u/cybersecurityanswers explains that the purpose of confusing links is that they hide the true destination of the link. This way, recipients might click on it without realizing the risk. Redirects and URL shorteners are common techniques.

Email marketer from SendPulse states that confusing HTML links, especially those with redirects and unusual formatting, are used to bypass spam filters. The goal is to make the link look legitimate or unrecognizable to automated systems while still leading the user to a malicious site.

Email marketer from VadeSecure shares that the intent of obfuscation in URLs is to evade detection. This can be masking, redirects and many other methods to prevent people from recognizing that it is malicious, or to trick systems into believing it is legitimate.

Expert from Email Geeks explains that the confusing HTML link with the Microsoft domain is there to confuse humans (and, perhaps, really crappy spam filters) that don’t talk HTML. The `target=“blank”` attribute makes them think the spamware may be a bit vague on it too.

Expert from Word to the Wise Team explains that confusing HTML links are used to avoid detection by users and spam filters, making it more likely that the user will click the link and that the email will be delivered to the inbox.

Expert from Spam Resource explains that obfuscated links are often used for tracking. They mention that one client saw spammers use a URL rewriting scheme that included the original recipient's email address, allowing the spammers to track who clicked the link.

Documentation from Microsoft explains that attackers use various techniques to hide the true URL of a link, including URL shortening, redirects, and HTML formatting. This is done to deceive users into clicking on malicious links by making them appear safe.

Documentation from Cisco explains that one tactic used by spammers is to make the URL look trustworthy to prevent recipients from recognizing it as malicious and to get them to click on the link. This is called masking and is often performed using confusing HTML.

Documentation from Google Support explains that a common tactic used in phishing and spam is to disguise the actual URL behind a misleading link. This can be done using HTML or URL shortening services to make the link appear legitimate while leading to a malicious website.