Redirect flaw on .gov sites leaves open door for phishers

Share this article:

At least 20,000 users have fallen victim to a spam campaign that uses shortened links to legitimate government sites to carry out a hoax.

In the scams, users receive emails containing “1.usa.gov” short links and are redirected twice upon clicking -- first, immediately past a legitimate government site, then, to websites that look like CNBC news articles touting “$4,000 a month” home-based business opportunities. 

Once at the fake CNBC site, victims are lured into clicking on links on the page that direct them to a home-based business site also owned by attackers.

Researchers at Dell SecureWorks Counter Threat Unit (CTU) dissected the campaign and have yet to see any cases of malware being on the hacker sites, though exploit kits could appear on the pages at any time.

Jeff Jarmoc, senior security researcher at CTU, told SCMagazine.com on Friday that to steal personal information, fraudsters count on victims filling out a form on the home-based business site.

“I haven't seen anything that asks for credit card information,” Jarmoc said. “All I've seen is [forms] asking for names, addresses, phone numbers and emails. They may be used to recruit money mules. I'm not entirely sure what they are after, but it seems to be direct financial fraud, or to get you to participate in some other scheme.”

While the campaign is relatively elementary, the tactic is troubling, as attackers are exploiting a vulnerability in legitimate government sites to redirect victims elsewhere, researchers said.

Page 1 of 2
Share this article:

Sign up to our newsletters

More in News

Apple's iOS 7.1.1 fixes Webkit bugs, encryption bypass issue

Released Tuesday, the update prevents exploit via "triple handshake" attacks, which could allow a bypass of encryption safeguards.

'Unauthorized' media contact a fireable offense for U.S. intel employees

The new media policy states that U.S. intelligence employees who have "unauthorized" contact with the media could lose their jobs.

AOL Mail hack furthers spam campaign using spoofed accounts

AOL confirmed on Monday that it was aware of the issue and working to remediate the situation.