contadores de paginas web Saltar al contenido

They take advantage of the short URLs of usa.gov to send spam

advertencia bitly enlace corto

A few days ago Symantec detected short links ending .gov that lead to false pages. Spammers took advantage of functionality of the service bitly.com and open redirects that can be done with some sites of the United States government.

Every time a terminating URL .gov or .one thousand is shortened in bitly, the result is a short address of type 1.usa.gov. Although this can be very useful and does not generate problems, when added with open redirects, things change. Let's see an example.

Long url with redirect: http://labor.vermont.gov/LinkClick.aspx?link=https://www.spamloco.net

Same short, camouflaged URL: http://1.usa.gov/VmdHnL

The link above is a typical short link with the plus of being a domain .gov, which in theory should be the most reliable and secure. However, by following it you could end up on any page thanks to the redirect functionality of the first link.

When accessing, before reaching the destination, a warning page of the bitly itself is displayed informing that it could be a problematic link, but many users could ignore it. In addition, the technique allows circumventing some antispam filters since a .gov or .mil link is considered trustworthy.

The spam campaigns detected by Symantec are related to the classic fake pages for working from home answering surveys and the like. I have already spoken about them several times and thanks to these articles many people have been saved from losing their money.

The abuse of open redirects and shorteners to camouflage links is not something new, but this is a very particular situation because they are government domains. According to a statement published in Sophos, authorities are already working to resolve it.

Remember: you have to be careful with all the links received and not believe everything first. Before clicking, analyze the situation, who sends you the link? why Is it something you expected? These are some of the questions you can ask yourself and if it is a short link, you can use some services such as unshorten.com, longurl.org (includes extension for Firefox) and unshort.me (includes extension for Chrome) to see the real destination of the links.

Another very useful plugin for the browser is WOT, which analyzes all the links, including those of the social networks, and classifies them with colors (green, yellow and red) according to their reputation.