Redirect flaw on .gov sites leaves open door for phishers: At least 20,000 users have fallen victim to a spam ca…