IRS Offers Up Stupid Redirect Links To Help Phishers Steal Money
from the our-tax-money-at-work dept
Too many sites that are trying to track what people click on when leaving a site offer up "open redirect links" which basically let's a site append an outside URL to the end of one of its own URLs and have traffic flow right through to that second site. This may be useful in easily tracking what links people click on to leave a site, but they're also perfect for phishing scammers, who use them to trick people into believing that they're going to a legitimate site. And, what better site to scam people than the IRS's site? Turns out that the IRS's special govbenefits.gov site uses open redirects that phishers are already using to steal money. They convince people they're going to the IRS site, when they're simply passing right through to the scammer's site. Our tax money at work. Update: Good point made in the comments. The site itself is not actually the IRS's but another government agency's. The scam, however, is about a tax refund.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Finally!
[ link to this | view in thread ]
Heh
[ link to this | view in thread ]
No Subject Given
[ link to this | view in thread ]
It doesn't look like this is the IRS' fault
(I love the job titles. The head of an Administration (FAA, NASA, etc.) has the title of "Administrator". Somewhere in the federal government there's got to be an Administrative Assistant to the Assistant Administrator for Administration. . .)
[ link to this | view in thread ]
No Subject Given
the flip side to that is trying to blame the IRS. maybe we should be more concerned with webmaster and not the content owner; after all, the webmaster decided to not use keywords or make the page smart enough not to accept external requests for the page
[ link to this | view in thread ]
Re: It doesn't look like this is the IRS' fault
Good point. I updated the post with that info.
[ link to this | view in thread ]
Something about a pot and a kettle
[ link to this | view in thread ]
Re: Something about a pot and a kettle
------
And I will never ever ever ever ever write a song about Sibbie.
[ link to this | view in thread ]
Re: Something about a pot and a kettle
[ link to this | view in thread ]
could you not see that in the link? by your definition, I could change the target and say "tech dirt offers up stupid redirect to help phishers steal money"
[ link to this | view in thread ]