Online spammers are increasingly using .gov URLs to spam the general public by taking advantage of a the between USA.gov and URL shortening service bitly.com, according to Symantec.
In a new blog post, Symantec said spammers are using an open-redirect vulnerability to set up a 1.usa.gov URL, the same that is created when someone shortens a .gov or a .mil site, that instead leads to a spam website.
USA.gov provides data created any time someone clicks on a 1.usa.gov URL. Analysis from Symantec of this data from earlier this month shows that this trend began on October 12. As of October 18, 43,049 clicks were made through 1.usa.gov shortened URLs to these spam domains:
- consumeroption.net
- consumerbiz.net
- workforprofit.net
- consumeroptions.net
- consumerlifenet.net
- consumerbailout.net
- consumerlifetoday.net
- consumerneeds.net
- consumerstoday.net
- consumerlivestoday.net
In addition to volume, the data also provides some insight into the locations of the clicks. Symantec said 36,664 of 43,049 spam clicks had a country code associated with them.
Of the 124 countries identified, the top four countries on a daily basis were the United States, Canada, Australia and Great Britain. The United States made up the biggest slice with 61.7 percent of the clicks, according to Symantec.
“While taking advantage of URL shorteners or an open-redirect vulnerability is not a new tactic, the fact that spammers can utilize a .gov service to make their own links is worrisome,” Symantec said. “Symantec encourages users to always follow best practices and exercise caution when opening links even if it is a .gov URL.”