
Google Maps flaw lets scammers direct victims to dodgy sites, expert says

Scammers can exploit a flaw in Google Maps to lure users to dodgy sites, a security expert has warned.

According to Sophos researcher Mark Stockley, cybercriminals are sending people to potentially malicious websites by using shortened, innocent-looking Maps links that end up redirecting visitors elsewhere.


Google announced plans earlier this year to shut down its goo.gl URL Shortener, which inadvertently provided an easy way to disguise dodgy links, and it appears that scammers have found another Google-made alternative.

“The crooks have turned a service designed for shortening and sharing Google Maps URLs into an impromptu redirection service for sharing whatever the heck they like, thanks to an open redirection vulnerability in the maps.app.goo.gl service,” Stockley wrote in a blog post.

“Open redirect vulnerabilities allow attackers to abuse code that’s intended to perform an HTTP redirect to a specific something into code that redirects to anything.”

Worryingly, Sophos says there’s no easy way to report such links and, even worse, the firm says Google was made aware of the issue in September 2017.

“To avoid being abused, code that performs redirections should only send users to URLs that match a specific pattern or list of links thought to be OK,” the blog post continues.

“In the case of Google Maps that should be simple – if the URL in the link parameter isn’t a Google Map, there’s no reason to allow the redirection.”
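The allowlist check the quote describes can be sketched as follows. This is an added example, not code from Sophos or Google; the host set, the `/maps` path prefix, the function names and the sample values are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist, for illustration only: hosts and path that count as "a Google Map".
ALLOWED_HOSTS = {"www.google.com", "maps.google.com"}
ALLOWED_PATH_PREFIX = "/maps"


def is_safe_redirect(target: str) -> bool:
    """True only for an https URL on an allowlisted host, under the allowed path."""
    # Browsers treat "\" like "/" and drop control characters, so a parser and a
    # browser can disagree about the host. Reject such input instead of repairing it.
    if not target or "\\" in target or any(ord(c) < 0x21 for c in target):
        return False
    try:
        parts = urlsplit(target)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https":  # also rejects "//host/..." and "javascript:"
        return False
    if parts.username is not None or parts.password is not None:
        return False  # "https://www.google.com@evil.example/" points at evil.example
    if port not in (None, 443):
        return False
    # Exact host match: suffix or substring tests would accept look-alike hosts.
    if parts.hostname not in ALLOWED_HOSTS:
        return False
    path = parts.path
    if ".." in path.split("/"):  # keep the path from climbing out of the prefix
        return False
    return path == ALLOWED_PATH_PREFIX or path.startswith(ALLOWED_PATH_PREFIX + "/")


# Constructed sample values for the "link" parameter (not taken from real traffic).
SAMPLES = [
    "https://www.google.com/maps/place/London",
    "https://evil.example/maps/",
    "https://www.google.com.evil.example/maps/",
    "https://www.google.com@evil.example/maps/",
    "//evil.example/maps/",
]


def rejected(samples):
    """Return the sample links the redirector should refuse to follow."""
    return [s for s in samples if not is_safe_redirect(s)]


if __name__ == "__main__":
    for link in SAMPLES:
        print("allow " if is_safe_redirect(link) else "reject", link)
```
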

