According to Sophos researcher Mark Stockley, attackers can exploit a flaw in the mapping software to lure users to shady websites.
Linking directly to a scam site would cause Google's automated checks to refuse the link, so cybercriminals bypass the URL shortening service's tests by using Google Maps as a legitimate middleman, after which a completely different website than the intended one is loaded.
"The crooks have turned a service designed for shortening and sharing Google Maps URLs into an impromptu redirection service for sharing whatever the heck they like, thanks to an open redirection vulnerability in the maps.app.goo.gl service", Stockley said.
Last month, Google announced its plans to shut down the goo.gl URL shortening service and replace it with Firebase Dynamic Links. Until that happens, scammers can still take full advantage of short links using Google Maps.
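An open redirect of the kind described above is closed when the service confirms, before redirecting, that the destination is still a Maps URL. The sketch below is an added example, not Google's code and not from the article; the allowed host, the path prefix, the function names and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import unquote, urlsplit

# Assumptions for illustration: the only destination a Maps short link may
# resolve to is an https URL on this host, under this path prefix.
ALLOWED_HOST = "www.google.com"
ALLOWED_PREFIX = "/maps"
FALLBACK = "https://www.google.com/maps"


def is_maps_destination(target: str) -> bool:
    """Return True only if `target` is unambiguously a Maps URL."""
    # Browsers rewrite backslashes and drop whitespace/control characters,
    # so a URL containing them may not go where a server-side parser thinks.
    if any(ch == "\\" or ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in target):
        return False
    try:
        parts = urlsplit(target)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or port not in (None, 443):
        return False
    # "https://www.google.com@other.example/" carries userinfo; the real
    # host is whatever follows the "@".
    if parts.username is not None or parts.password is not None:
        return False
    # Exact host match: suffix or substring tests accept look-alike domains.
    if parts.hostname != ALLOWED_HOST:
        return False
    # Dot segments (also percent-encoded) would climb out of the prefix.
    if any(unquote(seg) in (".", "..") for seg in parts.path.split("/")):
        return False
    return parts.path == ALLOWED_PREFIX or parts.path.startswith(ALLOWED_PREFIX + "/")


def resolve_short_link(target: str) -> str:
    """Where to redirect: the stored target if it passes, else the fallback."""
    return target if is_maps_destination(target) else FALLBACK


if __name__ == "__main__":
    # Constructed sample destinations.
    for url in ("https://www.google.com/maps/place/Sydney",
                "https://scam.example/win",
                "https://www.google.com@scam.example/maps",
                "https://www.google.com/maps/../elsewhere"):
        print(is_maps_destination(url), resolve_short_link(url))
```

Running the same check when the short link is created, not only when it is followed, keeps rejected destinations from being stored at all.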