Spammers Using Shortened .gov URLs
75
hypnosec writes "Cyber-scammers have started using '1.usa.gov' links in their spam campaigns in a bid to fool gullible users into thinking that the links they see on a website or have received in their mail or newsletter are legitimate U.S. Government websites. Spammers have created these shortened URLs through a loophole in the URL shortening service provided by bit.ly. USA.gov and bit.ly have collaborated, enabling anyone to shorten a .gov or .mil URL into a 'trustworthy' 1.usa.gov URL. Further, according to an explanation provided by HowTo.gov, creating these usa.gov short URLs does not require a login." Which might not be a big deal, except that the service lets through URLs with embedded redirects, and it is to these redirected addresses that scammers are luring their victims.
Re:2*WTF (Score:5, Informative)
That was exactly my thought. The URL shortener may be a f'up having it open like that, but the bigger f'up is the fact the site in the second link allows any address
For example
Http://labor.vermont.gov/LinkClick.aspx?link=http://www.slashdot.org
To me that's the bigger f'up
Re:2*WTF (Score:5, Informative)
It will be for tracking purposes, so that the site owners knows who has clicked on which external links, and from which pages on their site.
I'm not saying it's a marvel of engineering, but it's a common request from marketers.