Symantec has reported an increase in spam messages containing .gov URLs. Cybercriminals are using 1.usa.gov links in their spam campaigns to trick users into thinking the links lead to genuine US government Web sites.
Spammers have created these shortened URLs through a loophole in the URL shortening service provided by bit.ly. USA.gov and bit.ly have collaborated, enabling anyone to shorten a .gov or .mil URL into a trustworthy 1.usa.gov URL.
The click rate of the campaign has been significant, redirecting more than 16,000 victims over a five day period to a malicious website designed to look like a CNBC news article pushing several work from home scams.
According to researchers from security firm Symantec, they simply leveraged an open-redirect vulnerability present on the official government site of Vermont (Vermont.gov) . Therefore, something like 1.usa.gov/…/Rxpfn9 takes you to labor.vermont.gov/LinkClick.aspx?link=[spam site] which then redirects you to the spam site in question.
Email spam has been the primary method for distributing the short links, wrote Jeff Jarmoc of Dell SecureWorks' Counter Threat Unit.
Most of the victims are in United States (61%), Canada (23%), Australia, and Great Britain. While taking advantage of URL shorteners or an open-redirect vulnerability is not a new tactic, the fact that spammers can utilize a .gov service to make their own links is worrisome. We encourages users to always follow best practices and exercise caution when opening links even if it is a .gov URL.