Phishers Exploit Open Redirect on U.S. Government Site

A phishing attack is exploiting an open redirect on a U.S. government web site to gain credibility for bogus e-mails promising an IRS tax refund. The scam e-mail offers an IRS refund of $571 to recipients if they click on a link to govbenefits.gov, a legitimate federal web site that has recently been promoted by President Bush as a tool to streamline relief for victims of Hurricane Katrina.

An open redirect on the govbenefits.gov web site allows phishers to craft a URL that uses the govbenefits.gov URL but instead sends users to a web server in Italy and a phishing site seeking to steal their bank login details and Social Security number.

Netcraft's Anti-Fraud Open Redirect Detection Service assists web site owners in detecting open redirects that could allow criminals to misuse their sites in Internet scams. Online banking sites are under active scrutiny by fraudsters, who are keen to detect and exploit opportunities to run their frauds on banks’ own sites. Taking advantage of programmer mistakes in web applications, fraudsters have been able to run phishing scams on sites belonging to Visa, Mastercard, SunTrust, Charter One, and Citizens Bank.

Netcraft can perform an automatic search of a customer’s web sites to scan for possible redirection URLs in use, on a daily basis, thereby promptly trapping redirects introduced by inadvertent web design and application development.