The Latest in IT Security

Spam with .gov URLs


Symantec is observing an increase in spam messages containing .gov URLs. A screenshot of a sample message is below:


Traditionally, .gov URLs have been restricted to government entities. This brings up the question of how spammers are using .gov URLs in spam messages.

The answer is on this webpage: is the result of a collaboration between and, the popular URL shortening service. Now, whenever anyone uses bitly to shorten a URL that ends in .gov or .mil, they will receive a short, trustworthy URL in return.

While this feature has legitimate uses for government agencies and employees, it has also opened a door for spammers. By using an open-redirect vulnerability, spammers were able to set up a URL that leads to a spam website.

Using the above example:


leads to


which leads to


The final spam page is a work-at-home scam website that has been designed to look like a financial news network website:


To add legitimacy to the website, spammers have designed it so that other links, such as the menu bar at the top and other news articles (not shown in the above picture), actually lead to the financial news website that it is spoofing. However, the links in the article all lead to a different website where the spammer tries to make the sale:

provides data created any time anyone clicks on a URL (link available on this webpage). Analysis of data from the last seven days shows that this trend began on October 12. As of October 18, 43,049 clicks were made through shortened URLs to these spam domains:


This chart shows the number of spam clicks made on a daily basis:


As seen above, there was a spike in volume on October 18. Due to this increase, spam clicks made up 15.1 percent of all URLs.

In addition to volume, the data also provides some insight into the locations of the clicks. 36,664 of 43,049 spam clicks had a country code associated with them. There were 124 countries identified. The top four countries on a daily basis were the United States, Canada, Australia, and Great Britain. In aggregate, the United States made up the biggest slice with 61.7 percent of the clicks:

While taking advantage of URL shorteners or an open-redirect vulnerability is not a new tactic, the fact that spammers can utilize a .gov service to make their own links is worrisome. Symantec encourages users to always follow best practices and exercise caution when opening links, even if they are .gov URLs.
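The chain described above (a short .gov link, then a .gov page with an open redirect, then the spam site) can be flagged mechanically by a mail or proxy filter. The following is an added example, not code from the original article or from Symantec; the host names, the `url` parameter name and the function names are constructed placeholders, and the chain is supplied as a list of URLs already resolved in order.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

TRUSTED_SUFFIXES = (".gov", ".mil")  # the TLDs the article says the shortener accepts

def host_of(url):
    """Lower-cased hostname of an absolute URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""

def is_trusted(host):
    return host.endswith(TRUSTED_SUFFIXES)

def embedded_targets(url):
    """(parameter, URL) pairs for absolute URLs carried in the query string."""
    try:
        query = urlsplit(url).query
    except ValueError:
        return []
    found = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        value = unquote(value).strip()      # second decode catches double encoding
        if value.startswith("//"):          # scheme-relative target
            value = "http:" + value
        if value.lower().startswith(("http://", "https://")) and host_of(value):
            found.append((name, value))
    return found

def audit_chain(hops):
    """Findings for a redirect chain given as URLs in the order they were visited."""
    findings = []
    for i, url in enumerate(hops):
        src = host_of(url)
        if not is_trusted(src):
            continue
        for name, target in embedded_targets(url):
            dst = host_of(target)
            if not is_trusted(dst):         # trusted page forwarding to an outside host
                findings.append(f"hop {i}: {src} parameter '{name}' redirects off-domain to {dst}")
    if hops and is_trusted(host_of(hops[0])) and not is_trusted(host_of(hops[-1])):
        findings.append(f"chain starts on {host_of(hops[0])} but lands on {host_of(hops[-1])}")
    return findings

# Constructed sample chain (placeholder hosts, not the URLs from the article).
SAMPLE_CHAIN = [
    "http://shortener-placeholder.gov/AbC123",
    "http://agency-placeholder.gov/redirect?url=http%3A%2F%2Fspam-placeholder.example%2Fjobs",
    "http://spam-placeholder.example/jobs",
]
```

A chain that stays on .gov or .mil hosts from first hop to last produces no findings, so the check only fires when the trusted prefix is used to reach an outside site.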
