Spammers Using Shortened .gov URLs
75
hypnosec writes "Cyber-scammers have started using '1.usa.gov' links in their spam campaigns in a bid to fool gullible users into thinking that the links they see on a website or have received in their mail or newsletter are legitimate U.S. Government websites. Spammers have created these shortened URLs through a loophole in the URL shortening service provided by bit.ly. USA.gov and bit.ly have collaborated, enabling anyone to shorten a .gov or .mil URL into a 'trustworthy' 1.usa.gov URL. Further, according to an explanation provided by HowTo.gov, creating these usa.gov short URLs does not require a login." Which might not be a big deal, except that the service lets through URLs with embedded redirects, and it is to these redirected addresses that scammers are luring their victims.
They want all your money... (Score:5, Funny)
...just like other .gov websites [irs.gov]
The Simple Answer (Score:2, Funny)
Everyone is responsible for knowing where they are clicking through to. Nobody bothers to check the actual target URL. A simple answer is:
1. Turn on the status bar at the bottom of the browser window.[usually View/Toolbars/Status Bar (checkbox)]
2. Each URL pointed to will show the actual target in the status bar.
3. Make sure that's really where you want to go, and DON'T click if you don't recognise the URL shown there.