Scam sites have been abusing a less-known feature on Google Maps to redirect users to dangerous websites.
Researchers discovered that some shady pages are being peddled to users via obfuscated Maps links.
According to cybersecurity researchers, scammers are using the Maps API as a defacto link-shortening service, hiding their pages as redirects within Maps links.
The reason for this is Google’s recent efforts to get rid of its Goo.gl URL-shortening service because the link-shortening site is a favorite for scammers looking to hide the actual address of pages.
Because of this, we must focus on securing our devices. Devices owned by individuals or companies can be rapidly and safely secured by installing an antivirus for Windows or antivirus for Mac depending on which version of OS your device runs. As for the companies, please remember that professional cybersecurity firms are offering good cybersecurity packages that can be used to test your company’s network integrity by running various tests like penetration test and ethical hacking tests.
Google doesn’t stand for iffy links and now spammy Goo.gl URLs are almost as easy to report as they are to create.
Without Goo.gl to leverage on, scammers are now abusing a loophole in the Maps API that allows them to put the redirect into Google Maps URLs. This allows them to chain the links to their scam pages within a link to Google Maps, essentially creating a more trustworthy URL that users are more likely to follow.
The trick also has the benefit of being harder to catch and shut down than links made with the well-policed Goo.gl service. Because it uses Google Maps, there’s no reporting structure in place to get the scammers shut down, and the scammers don’t have to use a Google-owned interface or API to do it.
This isn’t the only time Google’s URL managers have been open to abuse. In 2016, researchers disclosed that flaws in Goo.gl, among other link-shorteners, could be exploited to track users and harvest personal information.
Remember that all devices must be protected only by the best cybersecurity solution like an antivirus, so install an antivirus for Windows or antivirus for Mac, depending on which version of OS your device runs. Companies should verify their networks twice a year by hiring professionals to do a penetration test and various ethical hacking tests.