Spammers Using Shortened .gov URLs
hypnosec writes "Cyber-scammers have started using '1.usa.gov' links in their spam campaigns in a bid to fool gullible users into thinking that the links they see on a website or have received in their mail or newsletter are legitimate U.S. Government websites. Spammers have created these shortened URLs through a loophole in the URL shortening service provided by bit.ly. USA.gov and bit.ly have collaborated, enabling anyone to shorten a .gov or .mil URL into a 'trustworthy' 1.usa.gov URL. Further, according to an explanation provided by HowTo.gov, creating these usa.gov short URLs does not require a login." Which might not be a big deal, except that the service lets through URLs with embedded redirects, and it is to these redirected addresses that scammers are luring their victims.
2*WTF (Score:5, Interesting)
Isn't the major WTF in the second stage of the "attack", a .gov site that will happily redirect to _any_ site fed to its (link) script? Obviously the .gov shortening will help in the "attack" on people that do not click everything they see.
Re:2*WTF (Score:2, Interesting)
I would guess that LinkClick.aspx was created to track outbound links from the site.
That way they can easily create statistics on what links people click on.
It is a lazy way to do it to avoid having to keep track of which links you want to track.
Everyone does it, even Google search. Although some are doing it in a good way and keep track of what they allow to redirect, not just allow anything.
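An added example, not part of the thread and not any site's actual code: a sketch of a check a shortener could run before issuing a trusted short link, rejecting .gov/.mil URLs whose query string carries an off-domain redirect target, which is the gap the summary describes. The host names and parameter values are constructed, and only the query string is inspected.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

TRUSTED_SUFFIXES = (".gov", ".mil")  # TLDs the shortener is meant to accept


def is_trusted_host(host):
    """True when the host name sits under .gov or .mil."""
    return (host or "").lower().rstrip(".").endswith(TRUSTED_SUFFIXES)


def embedded_hosts(url):
    """Hosts of absolute or protocol-relative URLs carried in query parameters."""
    hosts = []
    for _name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # parse_qsl has decoded once; decode again to catch double-encoding.
        for candidate in (value, unquote(value)):
            candidate = candidate.strip().replace("\\", "/")
            try:
                parts = urlsplit(candidate)
            except ValueError:      # malformed authority: treat as untrusted
                hosts.append("")
                break
            if parts.netloc and parts.scheme in ("", "http", "https"):
                hosts.append(parts.hostname or "")
                break
    return hosts


def shortener_decision(url):
    """Decide whether a submitted long URL may receive a trusted short link."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not is_trusted_host(parts.hostname):
        return "reject: not a .gov/.mil URL"
    offsite = [h for h in embedded_hosts(url) if not is_trusted_host(h)]
    if offsite:
        return "reject: embedded redirect to " + ", ".join(offsite)
    return "accept"


# Constructed sample submissions (hosts and parameter values are made up).
SAMPLES = [
    "http://agency.example.gov/LinkClick.aspx?link=http%3A%2F%2Fshop.example.com%2Fdeal",
    "http://agency.example.gov/LinkClick.aspx?link=%2F%2Fshop.example.com",
    "http://agency.example.gov/LinkClick.aspx?link=http%3A%2F%2Fwww.example.gov%2Fforms",
    "http://agency.example.gov/page?tabid=42",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(shortener_decision(sample), "<-", sample)
```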
Oh wow, now it makes sense (Score:2, Interesting)
I've been getting spams from IRS.gov. First the content doesn't apply to me, and they are grammatically incorrect. But I can see somebody being fooled. The URL is .irs.gov/get action.aspx. Seeing IRS.gov makes it seem real. Knowing better stops me from clicking the link (but I want to, just to see what it does).
I thought it might be a SQL injection hack. Great, now there are more .gov attacks, built by the govt.
What will they think of next?
Re:2*WTF (Score:4, Interesting)
Websites seriously implement such a warning?
Yes. Go to the IRS web site http://www.irs.gov . At the bottom right, where it says "Visit Other Sites", click on "U. S. Treasury" (which, by the way, is the parent organization of the IRS).