Slashdot Mirror


Scammers Are Using Google Maps To Skirt Link-Shortener Crackdown, Redirect Users To Dodgy Websites (theregister.co.uk)

According to security company Sophos, scam websites have been using obfuscated Google Maps links to redirect users to dodgy websites. The Register reports: The reason for this is Google's recent efforts to get rid of its Goo.gl URL-shortening service. The link-shortening site is a favorite for scammers looking to hide the actual address of pages. Without Goo.gl to pick on, scammers are now abusing a loophole in the Maps API that allows for redirects to be put into Google Maps URLs. This allows the attackers to chain the links to their scam pages within a link to Google Maps, essentially creating a more trustworthy URL that users are more likely to follow. The trick also has the benefit of being harder to catch and shut down than links made with the well-policed Goo.gl service. Because it uses Google Maps, there's no reporting structure in place to get the scammers shut down and the scammers don't have to use a Google-owned interface or API to do it.


  1. Re:Weird by Opportunist · Score: 2, Insightful

    Thanks to living in a world where LetsDecrypt has basically destroyed any notion of responsible behavior by certificate issuers these shorteners are even more dangerous.

    I was right with you until this line. Because you want certificates to do something they were not only never designed for but simply and plainly cannot do. You want a certificate to mean that you are going to end up at the "right" destination. And that's not what they're for. All a certificate will do in your browser is to determine whether the server associated with the certificate is also the server that serves you the content you requested. Nothing more, nothing less.

    What a certificate cannot and does not do is determine whether the server www.mycompany.com belongs to MyCompany.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.