
Scammers are changing the contact details for banks on Google Maps - motiw
http://blog.abhijittomar.com/2018/10/19/google-business-claim-scam/
======
dawnerd
I do a lot of Google Maps moderation and there’s a ton of bad changes being
attempted every day. Honestly I’m amazed Google doesn’t bother to vet anyone
really. Becoming a local guide is easy and not that difficult for a spam group
to create enough fake accounts to get things pushed through. Just last night I
caught the local Target that was reclassified as a “prison”.

What Google needs to do is lock information for verified businesses or
businesses they’re directly scraping from the Corp location pages.

~~~
black-tea
Why do you work for Google for no pay? OpenStreetMap always needs work. Help
the community.

~~~
signal11
It's not quite "pay", but Google have a notion of "points" to reward
contributors, who they call local guides: [https://support.google.com/local-
guides/answer/6225851?hl=en](https://support.google.com/local-
guides/answer/6225851?hl=en)

Anecdotally it's mostly credits towards Google's own products, free storage,
etc, but also freebies like subscriptions to the NYTimes Crossword, etc -- at
least at the lower levels.

~~~
atomwaffel
Am I the only one who thinks that “Local Guides” is a needlessly misleading
name? Before I looked up what it meant, I assumed that reviews tagged with
“Local Guide” were actually written by locals, when in fact the author may
just as well live on the other side of the world.

~~~
skykooler
It prompts you to review/update info on locations that you've been to
recently. Although you can do so for other locations as well.

------
rchaud
I work at a major community development charity in Canada with 100+ branches
across the country. Almost every day, I have to log into Google My Business to
reject the "user-suggested edits" made to a particular location's phone number
or street address. Half the time, it seems Google auto-approves these user
edits, so we get complaints from clients who used the Google info and showed
up when the office was closed.

Almost all the time, people will see the address/number listed on Google's
search engine snippet, which is larger, has an image and is much more
conspicuous than anything else on the screen. They'll make their plans around
that, instead of clicking on the #1 search result, which is our website
showing the official hours.

It's incredibly irresponsible for Google to let any Tom Dick and Harry make
changes to this type of information, and then display it to the world without
posting so much as a disclaimer to users to verify with the actual site.

~~~
atmosx
Maybe you can sue Google for negligence.

------
lwhi
A local taxi company near me was relisted on Google maps using a pay-per-
minute redirect service. The scammers get paid, and the customer is non the
wiser until they get their bill.

I was charged about £5 for a 30 second call.

~~~
tommyanthony
Hi,

I work on maps spam. I was wondering if you could dig up a link to the maps
business, and include a rough idea of when this occurred.

Thanks!

~~~
edent
I've tried to report this map spam before - details at
[https://shkspr.mobi/blog/2018/04/hundreds-of-thousands-of-
sp...](https://shkspr.mobi/blog/2018/04/hundreds-of-thousands-of-spam-
listings-on-google-my-maps/)

Happy to be contacted if you'd like more information.

~~~
jpatokal
Your blog post appears to be conflating Google Maps with MyMaps. MyMaps lets
people create & publish their _own_ maps with random POIs: for example, here's
a map of nice wineries around Melbourne.

[https://drive.google.com/open?id=1mtgpe7JU9OtHUUdvG_A6Uq0eTp...](https://drive.google.com/open?id=1mtgpe7JU9OtHUUdvG_A6Uq0eTpQ&usp=sharing)

However, these do _not_ show up in the "main" Google Maps, and adding spam to
them isn't any more effective than adding spam to a random website.

Disclaimer: I used to work at Google Maps.

~~~
edent
I mean, the url for these spam entries starts "Google.com/maps" so I think it
is pretty reasonable to call this Google Maps spam.

I don't remember how I found those specific ones, but using Google Maps for
Android finds some pretty similar entries. Perhaps you could pass that on to
your old team?

------
WheelsAtLarge
I got burned by a similar scam with information changes in google. I was
looking for a specific restaurant in google and used the given address to get
there. When I got there I found out it was a different restaurant. I asked
about the other restaurant and they told me the other restaurant had gone out
of business. A complete lie.

I'm sure they hired a company to promote them and they used this trick to
increase their customer base.

Never trust the company info google gives you without double checking. It's
very easy for anyone to change the business info without proof of ownership.

~~~
qrbLPHiKpiux
I don’t initially trust anything on he internet without second source
verification. The internet is just one big scam pot today and at the same
time, since using it before wide spread public use, I’m fascinated with
watching it evolve, devolve since then.

~~~
WheelsAtLarge
Not the internet per se, scams are all over society. It's sad but true.

------
specialp
If Google is going to have customers remain on their site for search
information they have the duty to ensure it is accurate. More and more
searches are now given a placard that is either community generated or scraped
whether it be maps or the main search. A search that used to feature a link to
the bank's "Contact Us" page is now being taken by Google with the link being
buried further down between more ads. I get this is to help Google provide
voice searches (with the great side effect that Google gets people spending
more time on their site), but with that revenue comes a responsibility to do
more to ensure it is accurate.

~~~
phkahler
Most people want to remain anonymous on the internet or have disposable IDs
and profiles. And yet they expect Google to somehow ensure that people are who
they say they are. This is a hard problem and it won't be solved as long as
people want it both ways.

~~~
jakelazaroff
It's not that people don't want to _ever_ be identified, it's that they don't
want to _constantly_ be identified and tracked with no way to opt out.

This is also a false dichotomy: Google not tracking us online would not
prevent it from verifying our true identities with regard to e.g. editing maps
information.

------
abtom
The same thing happened to a cousin of mine. I wrote a (somewhat more detailed
than this article) blog post about it a month ago. Didn't gain any traction on
HN then but here it is: [http://blog.abhijittomar.com/2018/10/19/google-
business-clai...](http://blog.abhijittomar.com/2018/10/19/google-business-
claim-scam/)

~~~
dang
Yes, that's a good article and has more detail than either the submitted url
([https://www.businessinsider.com/scammers-edit-google-maps-
ba...](https://www.businessinsider.com/scammers-edit-google-maps-bank-
listings-fraud-2018-11)) or the one it points to
[https://www.thehindu.com/sci-tech/technology/a-new-bank-
scam...](https://www.thehindu.com/sci-tech/technology/a-new-bank-scam-using-
google-maps-loophole/article25541414.ece), so we've switched to it above.
Hopefully it will gain some traction on HN now.

(You won't get the HN karma, but we plan to implement karma sharing for cases
where multiple submitters contributed.)

~~~
abtom
Thank you.

I've added the news links to my article for reference as well.

------
starik36
There is some scam going on in Lake Powell, AZ. We visited there in September
and yelped a well reviewed place: CNG Burgers. We arrive there and can't find
it. It simply isn't there. And not just isn't there - there is NO trace of it
on the building that matched the address (like where there would a lighter
shade of paint behind where the restaurant sign was - at least according to
the photos on Google Maps).

Oh well, onto the restaurant across the street. Asked the waitress there about
CNG Burgers - she's never heard of it and said that she's worked there for a
year. I looked on Google Maps and CNG received a ton of recent reviews.

Reading this thread compelled me to look at it again. Finally, Yelp is listing
it as closed (I reported it as such), however, there are reviews as recent as
2 weeks ago.

On Google Maps, it's still active - all recent reviews by Local Guides.

Still not sure what it all means.

~~~
ksherlock
This one?
[http://pageburgers.com/directions.html](http://pageburgers.com/directions.html)

Google maps has an image capture from May 2018 with their sign up.

~~~
starik36
I know. [https://i.imgur.com/s5qesHC.jpg](https://i.imgur.com/s5qesHC.jpg)

Except, the restaurant is not there. None of the signs are on the building
except for Lake Powell Realty. Not the "Restaurant" sign on the left, not the
CNG Burgers sign in the middle. And the reviews kept on coming even after we
left.

~~~
soared
So its closed and google hasn’t removed it. The restaurant bought some fake
reviews that are still coming in.

This isn’t a scam like the article is talking about, just google failing to
update a listing and letting in bad reviews.

------
pasbesoin
A couple of years ago, I needed to find a limo service for an old family
friend, for a memorial service. It'd been some years, but I knew of and used
to use one of the top two limo services in my metropolitan area. (In my area,
in a perverse historical twist, a shared limo ride to the airport was
substantially cheaper than a cab ride, as well as pretty much guaranteed
timely as well as more comfortable.)

I'd heard that this was one business area where fly by night companies, and
outright scammers, had been stuffing and, where possible, gaming search engine
results -- meaning, given their market dominance, Google results.

I searched for the company -- mind you, a relatively large livery service with
a diverse and well-heeled customer base, sure to still be in existence -- and
sure enough, the search results were full of hits purporting to be them or
part of them, or just playing on minor variations of their name. If nothing
else, the phone numbers didn't look right to me as compared to my vague
memory, formed back when people still dialed numbers.

Anyway, eventually I pulled out an old, physical yellow pages I'd been
hoarding, looked them up in that, and called. They had changed that particular
number, although not to something looking like one of the scam results. They
had numbers from back when people faced in-state toll charges on phone calls,
and since they covered an entire large metropolitan area, they had at that
time registered numbers in several local exchanges, to make customer calls to
them a local call (just pick the number having a local or non-toll exchange).

They still had the number from the yellow pages, though, assigned to an
internal extension, and the person who answered took time out of their day to
provide first rate customer service for the family friend.

The first rate service was still there. However, finding it through a Google
search was a risky venture.

I'm not at all surprised that Maps contents is being exploited and gamed. I
guess I'll hold on to that old yellow pages book a bit longer.

~~~
techsupporter
> They had numbers from back when people faced in-state toll charges on phone
> calls, and since they covered an entire large metropolitan area, they had at
> that time registered numbers in several local exchanges, to make customer
> calls to them a local call (just pick the number having a local or non-toll
> exchange).

Totally unrelated to people scamming others on Google, but I love little bits
of telephone trivia like this. A large plumber and an unrelated large handyman
company in my hometown metro both have the same style of phone number: "just
dial your area code then [seven digits]."

One other thing we had growing up in that area were the concept of "metro
numbers." Back in the day, the area was divided up into three different
incumbents and it wasn't always the case that a person physically near you
would have a number you could call for free. So metro numbers were ones in
specific exchanges that anyone in the six-county area could call with no toll
charges. Since all metro numbers were in a handful of exchanges and, because
the three old incumbents crossed area codes as well, didn't always follow area
code rules (e.g. you could be physically in area code 123 but get a metro
number in area code 198), you'll see old businesses with old numbers in area
codes where they "shouldn't be."

My mobile number is like this. It is a metro number and has an area code and
prefix of one side of the metro area but if you look it up in any of the telco
databases, those listings say it is "homed" to two counties away in a
different area code.

~~~
mikeash
You might enjoy this. I was growing up in the countryside in the late 80s when
BBSs and services like AOL started to take off. We were too far away from
anything like a city for them to be a local call, so my use of them was
extremely limited. I had a friend who lived a few miles closer to the nearest
city and they were a local call for him, so we’d always spend a lot of time on
the BBSs at his place.

Eventually we came up with a brilliant scheme. My friend’s father had a home
office with a dedicated phone line. He had signed up for call forwarding so he
could be reached when he was away. But outside of business hours, the line sat
idle. The process of changing the forwarding number was totally automated and
free. Calling his number was a local call for me, and calling the interesting
services was a local call for him, so I could bounce through his line (with
his permission, of course) to call these things for free.

~~~
techsupporter
I do enjoy this, thanks. It reminded me of another memory: Growing up, my
house sat on the border between two of the incumbents. It was odd enough that
dialing the Operator got the pre-connection announcement for the incumbent
that mailed us the phone bill but calling Information (411) got the pre-
connection announcement for the adjacent city's incumbent.

This also happened to make my hometown one of a handful that could call local
numbers served by either incumbent in the same area code. I was doing work for
a tiny ISP and my boss asked my parents if he could put a Livingston
PortMaster 16 in our house and hook up 16 phone lines in exchange for paying
my parents a small sum and giving us free Internet access by sharing the
connection with the PortMaster.

We agreed and, thus, I became one of the few teenagers at the time to have
high-speed wired Internet at my house. (None of my peers gave a crap but I
loved it.) The phone company was less overjoyed because we consumed every
available pair in the cross-connect box at the end of the street and nobody on
our block or the next one over could get an additional phone line for months
until a new box was added.

(As a capper to the story: A second cross-connect was added...but the tiny ISP
went bankrupt a month later and all 16 of those lines were disconnected,
rendering the shiny new cross-connect pointless.)

------
adiian
In 2014 Bryan Seely wiretapped FBI and Secret Service exploiting the Google
maps (lack of) verification process.

According to his tedtalk, Google was not to eager to fix the problem and it
seems things didn't change much since then.

[https://youtu.be/5c6AADI7Pb4](https://youtu.be/5c6AADI7Pb4)

------
seanieb
A very well known CA company uses these details as a method of verification
for EV certs.

------
franga2000
Wait, Google is seriously just taking people's word for this stuff? What
happened to the Semantic Web and getting information from official websites?
They've essentially created OpenStreetMap, but with less transparency.

------
tgb
So how will this work with the new Google Duplex ai assistant auto calling a
scammer for you? Yikes.

------
rlyshw
In college I was somehow made the owner or something of my department
building’s google maps entry. I worked for the department, so my .edu google
account was in some admin/staff group I guess. I kept getting emails asking me
to update the listing and definitely considered some harmless pranks/light
vandalism.

------
sytelus
I've considered myself fairly resistive to various devious scamming efforts
but recently they have upped the game at completely new level. Other day I
received text message that my XYZ card had suspicious charge and my card was
disabled. To re-enable the card I must call 1-800- number. I absolutely
believed that! That number is in fact fake number to get all your bank
details!

These are clear attempt for theft. For physical attempts I would call police
and that's one of the big restraint on rampant theft attempts. But there is no
law enforcement infrastructure set up to report and act on electronic thefts
easily. These thieves can easily be traced otherwise as their 1-800- numbers
are public.

~~~
SmellyGeekBoy
When I've had these I've always called the number on my card instead.

~~~
mnw21cam
Which is exactly what you should do. Or look up the number from the bank's own
secure web site.

------
olivermarks
I check phone numbers with yellowpages.com if I'm unsure, we've come full
circle...

~~~
askvictor
How do you know this is legit? Does the yellow pages verify every listing? If
a company neglects to register a yellow pages slot, how hard is it for someone
else to register it? Genuine questions (and I'd guess it changes by country);
Google does a fair bit of effort to get business owner to claim their property
on Google (again, probably changes by country); if they don't do so, then how
different is it to someone neglecting to put their yellow pages entry in?

~~~
ams6110
You have to pay to be in the yellow pages, so that both discourages scammers
and provides identity confirmation (bank account or credit card number)

~~~
askvictor
Probably a small price to pay for scammers, and I wonder/doubt if anyone
actually confirms the details - yes, it might be possible after the fact, but
by that point the damage is done.

------
ams6110
I basically don't trust the search engine "summary" info that is presented in
search results. I always go to the actual website of the business to get
contact info, addresses, etc.

------
PaulHoule
I am lol as I changed the profile picture for one country's central bank a
long time ago because I was dumbstruck by the offer to "Claim this business"
and just had to try it out.

It has been fun watching the edit wars over the hours of the Yucca Mountain
nuclear waste site. There are times it has been OPEN and times it has been
CLOSED and times when it is OPEN for 2 hours on the weekend, presumably for a
pickup of household radioactive waste.

------
joshstrange
@dang

I know "Scammers are changing the contact details for banks on Google Maps to
defraud people" is 4 characters too long but maybe "Scammers changing the
contact details for banks on Google Maps to defraud people" is better than
what it currently is? "changing the contact" alone doesn't make a lot of
sense.

~~~
mattnewton
Or drop people: “Scammers are changing the contact info for banks on Google
Maps to defraud”

~~~
pbhjpbhj
The the is supefluous too: "Scammers changing contact details of banks on
Google Maps [to defraud]". But the "defraud" coming at the end and not being
just "fraud" is poor in English. However, "scammers" are pretty much
synonymous with "fraudsters", so the "to defraud" is probably superfluous too.

~~~
namibj
I hope you apply the same reductionism to problem solving as well.

Got any tips on using it in practice (you seem to be at a higher skill level
than most)?

~~~
pbhjpbhj
I try, I'm not an engineer, my critical faculties are better than my
constructive ones -- I do think I'm pretty good at succinct and accurate
writing though. Unfortunately I'm not able to make best use of these skills at
present.

What field do you work in?

------
TomJoeJohn
In fact, if you live in China, you will know that the information provided by
search engines is not always right. Some frauds are even carried out with the
help of search engines, for example, putian

------
ruffrey
Reminds me of the time I claimed the Google SF office on Google maps.

------
cyberjunkie
I've seen more than a couple instances of terrible addresses being marked on
Google Maps. Painful while ordering food or taking an Uber.

------
darkhorn
Why he didn't call the phone number on his debit card or bank's web site?!

------
tmkc13
Not to blame the victim, but this is an apt example of social engineering at
work. The so-called 'educated' person in question is not too aware I guess.
All the banking institutions send you a gazillion emails about not sharing
your card information ever with any employee. In fact it has come to a point
that the government of India runs TV ad campaigns regarding this on all the
channels under the sun. So the ignorance of the victim is to blame for this as
well.

