Cyber-scammers have started using the 1.usa.gov links in their spam campaigns in a bid to fool gullible users into thinking that the links they see on a website or have received in their mail or newsletter are legitimate US Government website.
Spammers have achieved these shortened URLs through a loophole in the URL shortening service provided by bit.ly. USA.gov and Bit.ly have collaborated thus enabling anyone to shorten a .gov or .mil URL into a trustworthy 1.USA.gov URL. Further, according to an explanation provided by HowTo.gov, USA.gov short URLs do not require any log in.
As pointed out by Symantec, beyond the legitimate users, cyber scammers and spammers have found this method of shortening URLs very lucrative. Symantec notes, By using an open-redirect vulnerability, spammers were able to set up a 1.usa.gov URL that leads to a spam website
— via redwolf.newsvine.com
RSS – Posts