Attackers Use Google Maps URL-Sharing to Push Shady Sites
The Sophos security team recently reported that scammers are using the Google Maps URL-sharing feature to send their victims to phishing websites or those that contain malware.
Sophos says that the scam messages they discovered used both the Maps feature and goo.gl URL shortener to redirect users to a Russian diet-pill scam website. The attackers are able to do this by exploiting an open redirection vulnerability affecting the maps.app.goo.gl service.
Sophos researcher Mark Stockley says that a good way to avoid questionable links would be to check if a URL in the link parameter is not a link to Google Maps.