Slashdot Mirror


Spammers Using Shortened .gov URLs

hypnosec writes "Cyber-scammers have started using '1.usa.gov' links in their spam campaigns in a bid to fool gullible users into thinking that the links they see on a website or have received in their mail or newsletter are legitimate U.S. Government websites. Spammers have created these shortened URLs through a loophole in the URL shortening service provided by bit.ly. USA.gov and bit.ly have collaborated, enabling anyone to shorten a .gov or .mil URL into a 'trustworthy' 1.usa.gov URL. Further, according to an explanation provided by HowTo.gov, creating these usa.gov short URLs does not require a login." Which might not be a big deal, except that the service lets through URLs with embedded redirects, and it is to these redirected addresses that scammers are luring their victims.

18 of 75 comments

  1. They want all your money... by bradley13 · · Score: 5, Funny
    --
    Enjoy life! This is not a dress rehearsal.
  2. 2*WTF by Anonymous Coward · · Score: 5, Interesting

    Isn't the major WTF in the second stage of the "attack", a .gov site that will happily redirect to _any_ site fed to its (link) script? Obviously the .gov shortening will help in the "attack" on people that do not click everything they see.

    1. Re:2*WTF by rjr162 · · Score: 5, Informative

      That was exactly my thought. The URL shortener may be a f'up having it open like that, but the bigger f'up is the fact the site in the second link allows any address.
      For example:

      Http://labor.vermont.gov/LinkClick.aspx?link=http://www.slashdot.org

      To me that's the bigger f'up

    2. Re:2*WTF by dingen · · Score: 4, Insightful

      A script called "LinkClick.aspx" which takes a url as argument and forwards the browser to that address. Seriously, what the hell? Do these people know ANYTHING about how the web works? I can't even begin to describe what a load of nonsense such a script is to begin with. How about, oh I don't know, an actual link? Or an HTTP redirect?

      Why the hell was "LinkClick.aspx" even created to begin with? Let alone why it's publicly available and accepts any url. This is so wrong, my head is about to explode.

      --
      Pretty good is actually pretty bad.
    3. Re:2*WTF by dingen · · Score: 4, Insightful

      If it was my job to produce a list of all links, I would scan the site for all links. How about that?

      I really can't believe people who come up with stuff like this... I mean, a script with the ability to redirect to anything a user inputs, that just doesn't make any sense whatsoever.

      --
      Pretty good is actually pretty bad.
    4. Re:2*WTF by Afty0r · · Score: 5, Informative

      It will be for tracking purposes, so that the site owners know who has clicked on which external links, and from which pages on their site.

      I'm not saying it's a marvel of engineering, but it's a common request from marketers.

    5. Re:2*WTF by Anonymous Coward · · Score: 2, Interesting

      I would guess that LinkClick.aspx was created to track outbound links from the site.
      That way they can easily create statistics on what links people click on.

      It is a lazy way to do it to avoid having to keep track of which links you want to track.
      Everyone does it, even google search. Although some are doing it in a good way and keep track of what they allow to redirect, not just allow anything.

    6. Re:2*WTF by hymie! · · Score: 3, Interesting

      Websites seriously implement such a warning?

      Yes. Go to the IRS web site http://www.irs.gov . At the bottom right, where it says "Visit Other Sites", click on "U. S. Treasury" (which, by the way, is the parent organization of the IRS).

    7. Re:2*WTF by dingen · · Score: 2

      That really is quite ridiculous. But at least they don't allow just any url in their redirection script, I guess that's something...

      --
      Pretty good is actually pretty bad.
    8. Re:2*WTF by fatphil · · Score: 2

      For me, when I click on a link to a youtube video from within a comment on a youtube video, youtube warns me that I'm about to leave youtube, and be redirected to youtube, asking me if I really want to do that.

      --
      Also FatPhil on SoylentNews, id 863
    9. Re:2*WTF by similar_name · · Score: 2

      Google search results are all redirects.

      Google or Slashdot? If you try to alter it I believe Google gives you a redirect warning. But as long as you can find your site through Google you can create a link that looks like it goes to Google but goes wherever you want.

    10. Re:2*WTF by Delusionner · · Score: 2

      The usual way to implement that sort of tracking is by having a list of sensible URLs to track in the database and redirecting *only* those.
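
Added example, not part of the original thread or any site's actual code: a Python sketch of the allowlist approach described in the comment above, plus the matching check a .gov-only shortener could run to catch an off-host URL hidden in a query parameter. The function names, the allowlist entries and the `agency.example` / `other.example` hosts are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed allowlist: in practice, the table of outbound links the
# site owner actually wants to track.
TRACKED_LINKS = {
    "https://www.usa.gov/",
    "https://www.irs.gov/",
}

def resolve_outbound(link, click_log):
    """Return the redirect target for a LinkClick-style tracker, or None.

    Only exact matches against the allowlist are redirected; every request
    is logged, so rejected targets show up in the click statistics too.
    """
    allowed = link in TRACKED_LINKS
    click_log.append((link, "redirect" if allowed else "rejected"))
    return link if allowed else None

def embedded_redirects(url):
    """List (parameter, host) pairs whose value is a URL on another host.

    The outer host can pass a .gov/.mil suffix check while the real
    destination sits in a parameter, so the shortener inspects those too.
    """
    outer = urlsplit(url)
    hits = []
    for name, value in parse_qsl(outer.query, keep_blank_values=True):
        # Normalise forms browsers accept: backslashes, scheme-relative URLs.
        candidate = value.strip().replace("\\", "/")
        if candidate.startswith("//"):
            candidate = "http:" + candidate
        try:
            inner = urlsplit(candidate)
        except ValueError:
            hits.append((name, "<unparseable>"))  # flag rather than ignore
            continue
        if (inner.scheme in ("http", "https") and inner.hostname
                and inner.hostname != outer.hostname):
            hits.append((name, inner.hostname))
    return hits

if __name__ == "__main__":
    log = []
    print(resolve_outbound("http://www.slashdot.org", log), log)
    print(embedded_redirects(
        "Http://labor.vermont.gov/LinkClick.aspx?link=http://www.slashdot.org"))
```
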

  3. Maybe it's just me... by dingen · · Score: 4, Insightful

    ... but a url which starts with "1.usa.gov" doesn't strike me as particularly trustworthy.

    --
    Pretty good is actually pretty bad.
    1. Re:Maybe it's just me... by MightyYar · · Score: 2

      But the government does its job so competently everywhere else!

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    2. Re:Maybe it's just me... by Ol+Biscuitbarrel · · Score: 2

      Try whitehouse.com. Not much going on there these days either.

    3. Re:Maybe it's just me... by bill_mcgonigle · · Score: 2

      True, but something like 'FedWorld' sounds like an obvious scam too. The thing is, obvious scams are obvious because it's easy to detect the incompetence, but then you try to apply that to government, and all bets are off.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  4. Oh wow, now it makes sense by Anonymous Coward · · Score: 2, Interesting

    I've been getting spams from IRS.gov. First the content doesn't apply to me, and they are grammatically incorrect. But I can see somebody being fooled. The URL is .irs.gov/get action.aspx. Seeing IRS.gov makes it seem real. Knowing better stops me from clicking the link (but I want to, just to see what it does).

    I thought it might be a SQL injection hack. Great, now there are more .gov attacks, built by the govt.

    What will they think of next?

  5. The Simple Answer by Anonymous Coward · · Score: 2, Funny

    Everyone is responsible for knowing where they are clicking through to. Nobody bothers to check the actual target URL. A simple answer is:
    1. Turn on the status bar at the bottom of the browser window. [usually View/Toolbars/Status Bar (checkbox)]
    2. Each URL pointed to will show the actual target in the status bar.
    3. Make sure that's really where you want to go, and DON'T click if you don't recognise the URL shown there.