Google Maps flaw lets scammers direct victims to dodgy sites, expert says

Scammers can exploit a flaw in Google Maps to lure users to dodgy sites, a security expert has warned.

According to Sophos researcher Mark Stockley, cybercriminals are sending people to potentially malicious websites by using shortened, innocent-looking Maps links that end up redirecting visitors elsewhere.


Earlier this year, Google announced plans to shut down its URL Shortener, which inadvertently provided an easy way to disguise dodgy links, and it appears that scammers have found another Google-made alternative.

“The crooks have turned a service designed for shortening and sharing Google Maps URLs into an impromptu redirection service for sharing whatever the heck they like, thanks to an open redirection vulnerability in the service,” Stockley wrote in a blog post.

“Open redirect vulnerabilities allow attackers to abuse code that’s intended to perform an HTTP redirect to a specific something into code that redirects to anything.”


Worryingly, Sophos says there’s no easy way to report such links and, even worse, the firm says Google was made aware of the issue in September 2017.

“To avoid being abused, code that performs redirections should only send users to URLs that match a specific pattern or list of links thought to be OK,” the blog post continues.

“In the case of Google maps that should be simple – if the URL in the link parameter isn’t a Google Map, there’s no reason to allow the redirection.”
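The allow-list check Stockley describes can be sketched as follows. This is an added example, not code from Sophos or Google; the allowed hosts and the `/maps` path prefix are assumptions about what counts as "a Google Map", and the function names are hypothetical.

```python
from urllib.parse import urlsplit, unquote

# Assumption for this example: a "Google Map" URL is https on one of these
# hosts, with a path under the given prefix.
ALLOWED = {
    "maps.google.com": "/",
    "www.google.com": "/maps",
}


def is_allowed_redirect(target: str) -> bool:
    """Return True only for an absolute https URL on the allow-list."""
    # Whitespace, control characters and backslashes are parsed differently
    # by browsers and by server-side libraries, so refuse them outright.
    if any(c.isspace() or ord(c) < 0x20 or c in "\\\x7f" for c in target):
        return False
    try:
        parts = urlsplit(target)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or port not in (None, 443):
        return False
    # "https://www.google.com@other.example/" has userinfo, not a Google host.
    if parts.username is not None or parts.password is not None:
        return False
    # Exact host match: suffix or substring matching would accept
    # "www.google.com.other.example".
    prefix = ALLOWED.get((parts.hostname or "").lower())
    if prefix is None:
        return False
    path = parts.path or "/"
    # Dot segments (plain or percent-encoded) could climb out of the prefix.
    if any(unquote(seg) == ".." for seg in path.split("/")):
        return False
    if prefix == "/":
        return True
    return path == prefix or path.startswith(prefix + "/")


def safe_redirect(target: str, fallback: str = "https://www.google.com/maps") -> str:
    """Return the target if it passes the check, otherwise a fixed fallback."""
    return target if is_allowed_redirect(target) else fallback
```

The comparison is made on the parsed host and path rather than on the raw string, which is what keeps look-alike hosts and userinfo tricks from passing a naive "starts with" test.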
