Symantec experts explain how cybercriminals can pull off such a stunt

Oct 20, 2012 10:43 GMT  ·  By

Cybercriminals often rely on URL shortening services to trick potential victims into clicking on links. Now they have started abusing a service that is designed for US government agencies and their employees.

It all starts with a simple email that reads: “Hi Jean-Guy you check this http://1.usa.gov/Rxpfn9.”

While the link may seem legitimate, in reality it points victims to all sorts of malicious domains that have been set up to host advertisements for “make easy money” scams.

So how can the cybercrooks do this, considering the fact that the link from the email is genuine?

First, you must know that the US government has its own URL shortening service. 1.USA.gov is the result of a collaboration between USA.gov and the popular bitly.com. When someone shortens a URL whose domain ends in .gov or .mil through bitly.com, they are given a 1.usa.gov URL instead of a regular bit.ly one.

It’s clear that this is how the spammers got the genuine-looking URL. But how did they come up with a .gov or .mil domain in the first place?

According to researchers from security firm Symantec, they simply leveraged an open-redirect vulnerability present on the official government site of Vermont (Vermont.gov). An open redirect is a page that forwards the browser to whatever address is supplied in a request parameter without checking that the destination belongs to the site, so a link that begins with a trusted .gov address can end up anywhere the attacker chooses. Feeding such a link to bitly.com yields a 1.usa.gov short URL that ultimately lands on the scam page.
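The chain described above, as an added example that is not part of the Symantec or Softpedia write-up: a constructed short-link table standing in for the shortener, a redirect handler on a constructed stand-in for the .gov host (the real site's redirect parameter name is not given in the article, so `url` is an assumption), and the allow-list check that closes the hole. The hardened check goes a little beyond the article's case by also rejecting scheme-relative, backslash and userinfo tricks that commonly slip past naive "starts with a slash" filters.

```python
"""
Added example, not code from the page's sources.  All hosts, paths and the
redirect parameter name are constructed for illustration.
"""
from typing import Callable, List, Optional
from urllib.parse import parse_qs, urljoin, urlsplit

TRUSTED_HOST = "www.example-state.gov"   # constructed stand-in for the .gov site
REDIRECT_PARAM = "url"                    # assumed name of the redirect parameter

# Constructed shortener table.  A bitly-style service only hands out the
# government-branded short link when the long URL's host ends in .gov or .mil,
# so the spammer submits a .gov URL that carries an attacker-chosen target.
SHORT_LINKS = {
    "http://1.usa.gov/constructed": (
        "http://www.example-state.gov/redirect?url=http://easy-money.example/job"
    ),
}


def vulnerable_redirect(request_url: str) -> Optional[str]:
    """Open redirect: sends the browser wherever the parameter says."""
    qs = parse_qs(urlsplit(request_url).query)
    return qs.get(REDIRECT_PARAM, [None])[0]


def is_local_target(target: Optional[str], trusted_host: str) -> bool:
    """
    Accept only targets that stay on trusted_host.  The target is resolved
    against the trusted site first, so the decision is made on the host the
    browser would actually contact rather than on the raw string.
    """
    if not target or any(c in target for c in "\r\n\0"):
        return False
    # Browsers treat backslashes as slashes in http(s) URLs, so normalise
    # before parsing; otherwise "/\evil.example" looks like a local path.
    normalised = target.replace("\\", "/")
    parts = urlsplit(urljoin(f"https://{trusted_host}/", normalised))
    if parts.scheme not in ("http", "https"):
        return False                     # blocks javascript:, data:, etc.
    if parts.username is not None or parts.password is not None:
        return False                     # blocks https://trusted@evil.example/
    return parts.hostname == trusted_host.lower()


def safe_redirect(request_url: str, trusted_host: str = TRUSTED_HOST) -> str:
    """Hardened handler: off-site targets fall back to the site's home page."""
    target = vulnerable_redirect(request_url)
    if target is not None and is_local_target(target, trusted_host):
        return urljoin(f"https://{trusted_host}/", target.replace("\\", "/"))
    return f"https://{trusted_host}/"


def follow_chain(short_url: str, handler: Callable[[str], Optional[str]]) -> List[str]:
    """Trace short link -> trusted host -> final destination, as a browser would."""
    hops = [short_url]
    long_url = SHORT_LINKS[short_url]
    hops.append(long_url)
    final = handler(long_url)
    if final and final != long_url:
        hops.append(final)
    return hops


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_redirect), ("hardened", safe_redirect)):
        print(name, " -> ".join(follow_chain("http://1.usa.gov/constructed", handler)))
```

The short link itself is genuine in both runs; what changes is where the trusted host is willing to send the visitor, which is exactly why advice to "check that the link is a .gov domain" does not help here.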

The figures show that by October 18, 2012, over 43,000 users had already been led to the shady job advertisements via the shortened 1.usa.gov URLs. Those who clicked on them came from all around the world; 124 countries, to be more precise.

However, most of them reside in the United States (61%), Canada (23%), Australia, and Great Britain. This is not surprising, considering that internet users from the US are the most likely to trust and click on URLs ending in .gov.

Experts advise users to be careful when clicking on links received in unsolicited emails, even if they appear legitimate.