Hackers are using the custom shortened links of real media outlets, including MSNBC and Fox News, to send readers to fake news sites instead.
In a blog post published Monday, Websense Security Labs said cybercriminals have used MSNBC’s publicly available Bitly API key to create custom URL shorteners that appear to come from the outlet (eg., beginning with on.msnbc.com). However, the links actually redirect to fraudulent news sites. The spam is spreading through Google Groups, Yahoo Groups, and email.
“In addition to proactively scanning and categorizing the web in real time Websense Security Labs telemetry has millions of feeds, allowing insight into emerging threats such as the one identified in the blog,” a representative told Fast Company. “In addition, we caught a number of the samples by actually protecting our customer from these threats.”
Bitly has blocked some of these sham links, but one screenshot shows a link received more than 2,000 clicks. It’s unclear whether the links are spreading malware.
Another tactic of hackers is to add a redirect parameter at the end of a seemingly legitimate link, which redirects users to any website on the Internet. The below example from Websense shows the domain nbcnews.com, but directs to google.com.
To prevent such abuse, Websense recommends companies conceal their Bitly API keys and use two-factor authentication for added security. “All requests to the Bitly API should be done on the website’s back end, on the server-side. This means that the API key will never be seen by public users on the front end and your API key remains safe,” said the company.