Redirect flaw on .gov sites leaves open door for phishers

Share this article:

At least 20,000 users have fallen victim to a spam campaign that uses shortened links to legitimate government sites to carry out a hoax.

In the scams, users receive emails containing “1.usa.gov” short links and are redirected twice upon clicking -- first, immediately past a legitimate government site, then, to websites that look like CNBC news articles touting “$4,000 a month” home-based business opportunities. 

Once at the fake CNBC site, victims are lured into clicking on links on the page that direct them to a home-based business site also owned by attackers.

Researchers at Dell SecureWorks Counter Threat Unit (CTU) dissected the campaign and have yet to see any cases of malware being on the hacker sites, though exploit kits could appear on the pages at any time.

Jeff Jarmoc, senior security researcher at CTU, told SCMagazine.com on Friday that to steal personal information, fraudsters count on victims filling out a form on the home-based business site.

“I haven't seen anything that asks for credit card information,” Jarmoc said. “All I've seen is [forms] asking for names, addresses, phone numbers and emails. They may be used to recruit money mules. I'm not entirely sure what they are after, but it seems to be direct financial fraud, or to get you to participate in some other scheme.”

While the campaign is relatively elementary, the tactic is troubling, as attackers are exploiting a vulnerability in legitimate government sites to redirect victims elsewhere, researchers said.

Page 1 of 2
Share this article:

Sign up to our newsletters

More in News

Instagram iOS and Android apps vulnerable to session hijacking

Two researchers wrote about the Instagram app for iOS and Android is vulnerable to session hijacking because both send unsecured information through HTTP.

Report: Hackers stole data from Israeli defense firms

A report by Brian Krebs detailed the intrusions, which occurred between Oct. 2011 and Aug. 2012.

Neverquest trojan targets regional banks in Japan

Symantec researchers found a new variant of the banking trojan.