Open redirects are often used in phishing attacks - attacks where malicious links are sent out in emails, in an attempt to trick users into visiting a harmful site.