TipsMake

Phishing takes advantage of Google Search's site redirection feature

A new phishing campaign takes advantage of the ability to easily redirect Google Search web addresses to users.

Google will completely change how to sell Android smartphones
Beware of Android scams!
Users will not doubt when clicking on links with Google domain. Security researchers come across phishing URLs that appear to be trustworthy and point to Google.
However, when analyzing these URLs, it is revealed that hackers have appended the parameters to automatically open HTTP redirection of Google Search. In this way, scammers try to redirect users to fraudulent, malicious websites.
In a recent blog post, Sophos revealed the URL format that appends to Google Search's open redirect parameters:
https://www.google.com/url?sa=t&url=[redacted]&usg=[redacted]
First, the URL looks reliable because it adds a link to Google. Experts often warn users to beware of suspicious links. But in this case, the user doesn't find anything malicious because the destination address is directed to Google. So users still click and ignore security warnings, and this is a security challenge. A few years ago, crooks also abused open navigation holes in Google Maps.
Phishing takes advantage of Google Search's site redirection feature Picture 1

Taking advantage of Google's redirects to cheat

Security researchers also said Google does not consider open redirects to be a security issue. You may need a few notes below to ensure your safety when using the internet:

Discover more

Online scams smartphones mobile devices Android Google
Marvin Fry

Share by

Marvin Fry
Update 20 May 2020

You should read it