Scammers Are Using Google Maps To Skirt Link-Shortener Crackdown, Redirect Users To Dodgy Websites

According to security company Sophos, scam websites have been using obfuscated Google Maps links to redirect users to dodgy websites. The Register reports: The reason for this is Google's recent efforts to get rid of its Goo.gl URL-shortening service. The link-shortening site is a favorite for scammers looking to hide the actual address of pages. Without Goo.gl to pick on, scammers are now abusing a loophole in the Maps API that allows for redirects to be put into Google Maps URLs. This allows the attackers to chain the links to their scam pages within a link to Google Maps, essentially creating a more trustworthy URL that users are more likely to follow. The trick also has the benefit of being harder to catch and shut down than links made with the well-policed Goo.gl service. Because it uses Google Maps, there's no reporting structure in place to get the scammers shut down and the scammers don't have to use a Google-owned interface or API to do it.

Re:Weird

[Kaenneth]

Because it's an abuse of what a URL should be.

obfuscated URLs that hide their true destination are evil.

Re:Is it me or is there a simple solution to it?

When you click on a link on a Google search engine results page, a script replaces the link the moment you click on it. The actual link that the browser follows is a redirect through another Google URL, so that Google can track what you clicked on. This practice, replacing links on click, used to be seen as a sign of a malware infected web site. Now it's business as usual. In particular, it's used to hide referral codes: The link you see is the "clean" link without a referral code. The code is added only just before the link is followed, in a mousedown event handler. If browsers warned you about redirects, there would be hardly a website (including Google's) that wouldn't cause a warning every time you clicked on a link.