If attackers compromise your Website, they might insert malicious code that redirects visitors to phising or malware Websites. Or they might also lure visitors to the malicious redirects with spam email. Those messages can be something as simple as:
If you see messages like this about your own Website, you should review your website content for files containing malicious redirects. Typically, these files are created in separate directories, like these:
These files will contain a list of domains and a line of code that performs the actual redirect — they look something like this:
<meta http-equiv="refresh" content="2; url= ">
http-equiv gets the visitors' browser to load the malicious website.
Obviously, you want to remove any files containing redirects as soon as possible.
There are many ways attackers can insert this malicious code on your Website. If this has happened to you, we recommend the following to secure your Website:
You can also find more information about application security compromises in What if my website is hacked?.