Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spammers Using Shortened .gov URLs

Posted by timothy on from the just-write-to-pueblo-colorado dept.

hypnosec writes "Cyber-scammers have started using '1.usa.gov' links in their spam campaigns in a bid to fool gullible users into thinking that the links they see on a website or have received in their mail or newsletter are legitimate U.S. Government websites. Spammers have created these shortened URLs through a loophole in the URL shortening service provided by bit.ly. USA.gov and bit.ly have collaborated, enabling anyone to shorten a .gov or .mil URL into a 'trustworthy' 1.usa.gov URL. Further, according to an explanation provided by HowTo.gov, creating these usa.gov short URLs does not require a login." Which might not be a big deal, except that the service lets through URLs with embedded redirects, and it is to these redirected addresses that scammers are luring their victims.

4 of 75 comments (clear)

  1. 2*WTF by Anonymous Coward · · Score: 5, Interesting

    Isn't the major WTF in the second stage of the "attack", a .gov site that will happy redirect to _any_ site feed to its (link) script? Obviously the .gov shortening will help in the "attack" on people that do not click everything they see.

    1. Re:2*WTF by Anonymous Coward · · Score: 2, Interesting

      I would guess that LinkClick.aspx was created to track outbound links from the site.
      That way they can easily create statistics on what links people click on.

      It is a lazy way to do it to avoid having to keep track of which links you want to track.
      Everyone does it, even google search. Although some are doing it in a good way and keep track of what they allow to redirect, not just allow anything.

    2. Re:2*WTF by hymie! · · Score: 3, Interesting

      Websites seriously implement such a warning?

      Yes. Go to the IRS web site http://www.irs.gov . At the bottom right, where it says "Visit Other Sites", click on "U. S. Treasury" (which, by the way, is the parent organization of the IRS).

  2. Oh wow, now it makes sense by Anonymous Coward · · Score: 2, Interesting

    I've been getting spams from IRS.gov. First the content doesn't apply to me, and they are grammatically incorrect. But I can see somebody being fooled. The URL is .irs.gov/get action.aspx. Seeing IRS.gov makes it seem real. Knowing better stops me from clicking the link (but I want to, just to see what it does).

    I thought it might be a SQL injection hack. Great, now there are more .gov attacks, built by the govt.

    What will they think of next?