• URL Injections are used by phishing attackers in applications, emails, instant messages, chat messages, etc. in order to redirect users to their fraudulent phishing pages. The attacker leverages social engineering and the fact that victims believe they are clicking on a legitimate and non-malicious link. The initial URL is usually included as a hyperlink inside an e-mail message, and the victims who receive the e-mail believe they are clicking through to a legitimate website.