
Google Maps flaw lets scammers direct victims to dodgy sites, expert says

Scammers can exploit a flaw in Google Maps to lure users to dodgy sites, a security expert has warned.

According to Sophos researcher Mark Stockley, cybercriminals are sending people to potentially malicious websites by using shortened, innocent-looking Maps links that end up redirecting visitors elsewhere.

Earlier this year, Google announced plans to shut down its URL Shortener, which inadvertently provided an easy way to disguise dodgy links, and it appears that scammers have found another Google-made alternative.

“The crooks have turned a service designed for shortening and sharing Google Maps URLs into an impromptu redirection service for sharing whatever the heck they like, thanks to an open redirection vulnerability in the service,” Stockley wrote in a blog post.

“Open redirect vulnerabilities allow attackers to abuse code that’s intended to perform an HTTP redirect to a specific something into code that redirects to anything.”

Worryingly, Sophos says there’s no easy way to report such links and, even worse, the firm says Google was made aware of the issue in September 2017.

“To avoid being abused, code that performs redirections should only send users to URLs that match a specific pattern or list of links thought to be OK,” the blog post continues.

“In the case of Google maps that should be simple – if the URL in the link parameter isn’t a Google Map, there’s no reason to allow the redirection.”
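The allowlist check the quoted advice describes, shown as an added example in Python (not code from Sophos or Google). The hosts in `ALLOWED_HOSTS`, the fallback URL and the function names are assumptions, and `link_param` stands for the value of the link parameter mentioned above.

```python
from urllib.parse import urlsplit

# Assumed allowlist for illustration: the only hosts this hypothetical
# map-sharing service is ever meant to redirect to.
ALLOWED_HOSTS = {"maps.example.com", "www.maps.example.com"}
FALLBACK_URL = "https://maps.example.com/"  # safe default when validation fails


def is_allowed_redirect(target: str) -> bool:
    """Return True only for an absolute https URL on an allowlisted host."""
    # Reject whitespace, control characters and backslashes up front:
    # browsers and URL libraries disagree on how to treat them, and that
    # disagreement is what allowlist bypasses rely on.
    if not target or any(ord(c) <= 0x20 or c == "\\" for c in target):
        return False
    try:
        parts = urlsplit(target)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    # Scheme must be explicit https: this rejects protocol-relative
    # ("//host/...") and javascript:/data: style targets.
    if parts.scheme != "https":
        return False
    # "https://allowed-host@other-host/" puts the allowed name in userinfo,
    # so any userinfo at all is refused.
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, 443):
        return False
    # Exact match on the parsed hostname, never a substring or suffix test,
    # so "maps.example.com.other.test" does not pass.
    return parts.hostname in ALLOWED_HOSTS


def resolve_redirect(link_param: str) -> str:
    """Return the destination to redirect to, falling back to a safe page."""
    return link_param if is_allowed_redirect(link_param) else FALLBACK_URL
```
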
