Watch out for scam shortened .gov links
The fact that internet scammers often abuse URL shortening services to trick users into following risky links is nothing new, but Symantec scientists have lately identified a significant increase in harmful links shortened with the 1.USA.gov service.
The result of a collaboration between USA.gov and bitly.com, the service is automatically applied whenever anyone uses bitly to shorten a URL that ends in .gov or .mil.
In the newest spam campaigns, the shortened 1.USA.gov links redirect to a .vermont.gov website, which, thanks to an open-redirect vulnerability, is made to forward visitors to a scammy work-from-home web page that spoofs a genuine financial news website.
“To add legitimacy to the website, spammers have designed it so that other links, such as the menu bar at the top and other news articles, actually lead to the financial news website that it is spoofing. However, the links in the article all lead to a different website where the spammer tries to make the sale,” the engineers say.
The strategy seems rather effective, as the shortened URLs have been followed by over 43,000 users in seven days, many of whom are (not surprisingly) users in the U.S.
The shortened 1.USA.gov links lend an air of authenticity, as users are more prepared to trust them than random ones. The other issue is that too many .gov websites can be abused to serve as redirectors to other harmful websites.
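For mail filters or proxy log review, the chain described above (shortener, then a .gov open redirect, then an outside site) can be recognised from the recorded hops alone. The following is an added example, not code from Symantec or from the article; the hostnames, path and the `url` parameter name are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qsl

TRUSTED_SUFFIXES = (".gov", ".mil")  # TLDs the 1.USA.gov shortener accepts

# Constructed redirect chains (placeholder hosts, path and parameter name).
SAMPLE_CHAIN = [
    "http://1.usa.gov/PLACEHOLDER",
    "http://placeholder.vermont.gov/redirect?url=http%3A%2F%2Fscam-site.example%2Fjobs",
    "http://scam-site.example/jobs",
]
BENIGN_CHAIN = [
    "http://1.usa.gov/PLACEHOLDER2",
    "http://placeholder.vermont.gov/news",
]

def host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()

def is_trusted(url):
    """True if the URL's host is under .gov or .mil."""
    return host(url).endswith(TRUSTED_SUFFIXES)

def leaves_trusted_space(chain):
    """True if a chain that starts on .gov/.mil ends somewhere else."""
    return is_trusted(chain[0]) and not is_trusted(chain[-1])

def find_open_redirect_hops(chain):
    """Return (redirector, parameter, next_hop) for each trusted hop whose own
    query string names the untrusted host it forwards to."""
    findings = []
    for current, nxt in zip(chain, chain[1:]):
        if not is_trusted(current) or is_trusted(nxt):
            continue
        for name, value in parse_qsl(urlsplit(current).query):
            if host(value) and host(value) == host(nxt):
                findings.append((current, name, nxt))
    return findings

if __name__ == "__main__":
    for chain in (SAMPLE_CHAIN, BENIGN_CHAIN):
        print(chain[0], "leaves .gov/.mil:", leaves_trusted_space(chain))
        for redirector, param, target in find_open_redirect_hops(chain):
            print(f"  open redirect via '{param}' on {host(redirector)} -> {host(target)}")
```

The same host comparison, applied on the server side before issuing the redirect, is what closes this kind of hole: a redirector that only forwards to hosts on its own allow-list cannot be used as the middle hop.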