Redirect flaw on .gov sites leaves open door for phishers

Share this article:

At least 20,000 users have fallen victim to a spam campaign that uses shortened links to legitimate government sites to carry out a hoax.

In the scams, users receive emails containing “1.usa.gov” short links and are redirected twice upon clicking -- first, immediately past a legitimate government site, then, to websites that look like CNBC news articles touting “$4,000 a month” home-based business opportunities. 

Once at the fake CNBC site, victims are lured into clicking on links on the page that direct them to a home-based business site also owned by attackers.

Researchers at Dell SecureWorks Counter Threat Unit (CTU) dissected the campaign and have yet to see any cases of malware being on the hacker sites, though exploit kits could appear on the pages at any time.

Jeff Jarmoc, senior security researcher at CTU, told SCMagazine.com on Friday that to steal personal information, fraudsters count on victims filling out a form on the home-based business site.

“I haven't seen anything that asks for credit card information,” Jarmoc said. “All I've seen is [forms] asking for names, addresses, phone numbers and emails. They may be used to recruit money mules. I'm not entirely sure what they are after, but it seems to be direct financial fraud, or to get you to participate in some other scheme.”

While the campaign is relatively elementary, the tactic is troubling, as attackers are exploiting a vulnerability in legitimate government sites to redirect victims elsewhere, researchers said.

Page 1 of 2
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.