Security researchers note that these links are frequently used as bait to deploy: Locking user devices and demanding payment.