Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spammers Using Shortened .gov URLs

Posted by timothy on from the just-write-to-pueblo-colorado dept.

hypnosec writes "Cyber-scammers have started using '1.usa.gov' links in their spam campaigns in a bid to fool gullible users into thinking that the links they see on a website or have received in their mail or newsletter are legitimate U.S. Government websites. Spammers have created these shortened URLs through a loophole in the URL shortening service provided by bit.ly. USA.gov and bit.ly have collaborated, enabling anyone to shorten a .gov or .mil URL into a 'trustworthy' 1.usa.gov URL. Further, according to an explanation provided by HowTo.gov, creating these usa.gov short URLs does not require a login." Which might not be a big deal, except that the service lets through URLs with embedded redirects, and it is to these redirected addresses that scammers are luring their victims.

4 of 75 comments (clear)

  1. They want all your money... by bradley13 · · Score: 5, Funny

    ...just like other .gov websites

    --
    Enjoy life! This is not a dress rehearsal.
  2. 2*WTF by Anonymous Coward · · Score: 5, Interesting

    Isn't the major WTF in the second stage of the "attack", a .gov site that will happy redirect to _any_ site feed to its (link) script? Obviously the .gov shortening will help in the "attack" on people that do not click everything they see.

    1. Re:2*WTF by rjr162 · · Score: 5, Informative

      That was exactly my thought. The URL shortener may be a f'up having it open like that, but the bigger f'up is the fact the site in the second link allows any address
      For example

      Http://labor.vermont.gov/LinkClick.aspx?link=http://www.slashdot.org

      To me that's the bigger f'up

    2. Re:2*WTF by Afty0r · · Score: 5, Informative

      It will be for tracking purposes, so that the site owners knows who has clicked on which external links, and from which pages on their site.

      I'm not saying it's a marvel of engineering, but it's a common request from marketers.