Spammers Hijack Google Maps to Flood Inboxes
▼ Summary
– Thousands of spam emails are targeting users, appearing to come from Google Maps with messages about online requests.
– The spam contains links to a suspicious website, linkparty.cc, registered recently through a Hong Kong registrar.
– Reddit discussions suggest the emails are sent via a Google Maps loophole and pass all email authentication checks.
– Email authentication protocols like DMARC, SPF, and DKIM show these messages as legitimate, complicating filtering efforts.
– While Gmail filters can block these messages on the web, they still appear in some email clients like Mac Mail but not others like Outlook.
A recent wave of spam emails, seemingly originating from Google Maps, has inundated countless inboxes, including my own. These messages arrive from various senders and contain a range of texts, such as prompts to check information or view a custom map. Each email includes a link directing recipients to “view in Google Maps,” but these actually lead to the website linkparty.cc. An investigation into this domain reveals it was registered very recently, on October 9th, through the Hong Kong-based registrar Nicenic International Group. The domain’s WHOIS record provides minimal details but does list an abuse reporting contact: abuse@nicenic.net.
On platforms like Reddit, users are actively discussing the issue, with many expressing frustration that Google has not yet resolved the problem despite numerous complaints. One contributor pointed out a critical detail: the spam messages are not simply forged. They feature legitimate email headers that pass all standard authentication checks. This indicates the emails are genuinely sent by Google Maps systems, but on behalf of the spammers, suggesting a potential security loophole has been exploited.
For example, a typical message with the subject line “See custom map on Google Maps” shows a passing SPF check from a Google IP address. It also passes both DKIM and DMARC validation. DMARC, or Domain-based Message Authentication, Reporting and Conformance, is an email security protocol designed to prevent email spoofing by allowing domain owners to protect their addresses from unauthorized use. The fact these spam emails pass these checks confirms they are being sent through Google’s own infrastructure.
While Google provides spam filtering within its Gmail service, this is not a universal fix. I configured two separate filters in Gmail, one to bypass the inbox and another to delete the messages outright. This approach successfully blocks the spam when checking email via the Gmail website. However, the spam continues to flood into the Mac Mail application on both my laptop and desktop computers. Even when the mail client is closed, launching it triggers an immediate download of all the accumulated spam messages. Interestingly, the spam does not appear when using Outlook on a Mac, nor does it show up in Apple’s mail client on an iPod, highlighting an inconsistency in how different email clients handle these messages.
(Source: ITWire Australia)
