Spammers Using Shortened .gov URLs

Posted by timothy on Saturday October 20, 2012 @10:40PM from the just-write-to-pueblo-colorado dept.

hypnosec writes "Cyber-scammers have started using '1.usa.gov' links in their spam campaigns in a bid to fool gullible users into thinking that the links they see on a website or have received in their mail or newsletter are legitimate U.S. Government websites. Spammers have created these shortened URLs through a loophole in the URL shortening service provided by bit.ly. USA.gov and bit.ly have collaborated, enabling anyone to shorten a .gov or .mil URL into a 'trustworthy' 1.usa.gov URL. Further, according to an explanation provided by HowTo.gov, creating these usa.gov short URLs does not require a login." Which might not be a big deal, except that the service lets through URLs with embedded redirects, and it is to these redirected addresses that scammers are luring their victims.

2 of 75 comments (clear)

Min score:

Reason:

Sort:

2*WTF by Anonymous Coward · 2012-10-20 23:24 · Score: 5, Interesting

Isn't the major WTF in the second stage of the "attack", a .gov site that will happy redirect to _any_ site feed to its (link) script? Obviously the .gov shortening will help in the "attack" on people that do not click everything they see.
1. Re:2*WTF by hymie! · 2012-10-21 01:20 · Score: 3, Interesting
  
  Websites seriously implement such a warning?
  Yes. Go to the IRS web site http://www.irs.gov . At the bottom right, where it says "Visit Other Sites", click on "U. S. Treasury" (which, by the way, is the parent organization of the IRS).