A new phishing attack is exploiting both government URLs and a vulnerability in a CMS software package. The attack, which was first spotted last week and has claimed over 16,000 victims so far, directs recipients to a fake CNBC page hawking a work from home scam. The spammers hope people will fall for the scheme and sign up, therefore handing over their personal info.
The attack takes advantage of a security hole in the DotNetNuke CMS software. The software’s LinkClick.aspx file offers an open redirect vulnerability which is paired with bitly.com’s 1.usa.gov short URL service, run in partnership with theUSgovernment. The vulnerability allows the spammers to mask the phishing site behind a legit looking government short URL.
DotNetNuke hasn’t had any comment on the issue, so if you use their software you may want to disable its custom redirect feature or just disable the software altogether until a patch becomes available. The spam emails are easy to spot as they contain mostly gibberish along with the supposed government URL.
Phishing attacks are getting more and more sophisticated as spammers look for new ways to hide malicious URLs behind legit ones in order to trick more people into falling for their scams. They have also become pickier and now spend time carefully targeting their campaigns at specific groups of people such as CEOs or government officials in an effort to maximize their payoff. As people become savvier about internet security and scams, spammers and other cybercriminals are forced to become more creative with their schemes in order to stay one step ahead.