Naked Security Blog

March 17, 2016

Spammers Abusing Trust in US .Gov Domains

This post was originally published on this site Spammers are abusing ill-configured U.S. dot-gov domains and link shorteners to promote spammy sites that are hidden behind short links ending in”usa.gov”. Spam purveyors are taking advantage of so-called “open redirects” on several U.S. state Web sites to hide the true destination to which users will be taken if they click the link.  Open redirects are potentially dangerous because they let spammers abuse the reputation of the site hosting the redirect to get users to visit malicious or spammy sites without realizing it. For example, South Dakota has an open redirect: http://dss.sd.gov/scripts/programredirect.asp?url= …which spammers are abusing […]