.gov Now Used for Cybercrime

Complete Identities for Sale by Ted Avery via Flickr

We’ve been conditioned to trust URLs that end in .gov but the latest cyberthreat reminds us that links aren’t always what they seem.

Earlier today Slashdot reported that scammers are now using 1.USA.gov to trick users into clicking on links that redirect them to faulty sites. Originally intended to be a positive collaboration between USA.gov and bitly.com, 1.USA.gov links were designed to allow government agencies to track click throughs as part of their social media communication.

This collaboration wasn’t secret. HowTo.gov provides concise directions on how to create “short, trustworthy .gov URLs that only point to official U.S. government information*” for social media sharing. A fact on HowTo.gov states “The public can click on Go.USA.gov or 1.USA.gov URLs knowing they will lead to official U.S. government information.”

HowTo.gov even provides the following directions:

To create a 1.USA.gov URL, simply go to bitly.com, paste in a long .gov or .mil URL, and click shorten. There’s no need to log in. You can also create 1.USA.gov URLs using any tool that already integrates with bitly, like TweetDeck or Seesmic.

Slashdot reports that the problem with this collaboration is that scammers have found a loophole. This post on the Symantec message board shows exactly how links are being redirected to illegitimate sites. Since anyone can use bitly.com to create links without being a registered user, this can be done relatively anonymously.

While this is a case of good links gone bad, it’s another reminder to be mindful of potential threats. Think before you click on links that come via email, email newsletters, and through social media services like Twitter and Facebook.

Let’s hope this gets shut down sooner rather than later but in the meantime, I’ve shared 3 things to do to protect yourself from malware that could be part of this latest cyberthreat over on Parents.com.

Hat tip to my husband for sharing breaking news read on Slashdot. Information quoted from HowTo.gov’s USA.gov Short URLs post. No compensation was received for this post.