Forgot your password?
typodupeerror
Government Spam United States IT

Spammers Using Shortened .gov URLs 75

Posted by timothy
from the just-write-to-pueblo-colorado dept.
hypnosec writes "Cyber-scammers have started using '1.usa.gov' links in their spam campaigns in a bid to fool gullible users into thinking that the links they see on a website or have received in their mail or newsletter are legitimate U.S. Government websites. Spammers have created these shortened URLs through a loophole in the URL shortening service provided by bit.ly. USA.gov and bit.ly have collaborated, enabling anyone to shorten a .gov or .mil URL into a 'trustworthy' 1.usa.gov URL. Further, according to an explanation provided by HowTo.gov, creating these usa.gov short URLs does not require a login." Which might not be a big deal, except that the service lets through URLs with embedded redirects, and it is to these redirected addresses that scammers are luring their victims.
This discussion has been archived. No new comments can be posted.

Spammers Using Shortened .gov URLs

Comments Filter:
  • 2*WTF (Score:5, Interesting)

    by Anonymous Coward on Sunday October 21, 2012 @06:24AM (#41720819)

    Isn't the major WTF in the second stage of the "attack", a .gov site that will happy redirect to _any_ site feed to its (link) script? Obviously the .gov shortening will help in the "attack" on people that do not click everything they see.

  • Re:2*WTF (Score:2, Interesting)

    by Anonymous Coward on Sunday October 21, 2012 @07:52AM (#41721065)

    I would guess that LinkClick.aspx was created to track outbound links from the site.
    That way they can easily create statistics on what links people click on.

    It is a lazy way to do it to avoid having to keep track of which links you want to track.
    Everyone does it, even google search. Although some are doing it in a good way and keep track of what they allow to redirect, not just allow anything.

  • by Anonymous Coward on Sunday October 21, 2012 @08:01AM (#41721105)

    I've been getting spams from IRS.gov. First the content doesn't apply to me, and they are grammatically incorrect. But I can see somebody being fooled. The URL is .irs.gov/get action.aspx. Seeing IRS.gov makes it seem real. Knowing better stops me from clicking the link (but I want to, just to see what it does).

    I thought it might be a SQL injection hack. Great, now there are more .gov attacks, built by the govt.

    What will they think of next?

  • Re:2*WTF (Score:4, Interesting)

    by hymie! (95907) on Sunday October 21, 2012 @08:20AM (#41721189)

    Websites seriously implement such a warning?

    Yes. Go to the IRS web site http://www.irs.gov . At the bottom right, where it says "Visit Other Sites", click on "U. S. Treasury" (which, by the way, is the parent organization of the IRS).

Never ask two questions in a business letter. The reply will discuss the one you are least interested, and say nothing about the other.

Working...