Hacker News new | past | comments | ask | show | jobs | submit login
Scammers are changing the contact details for banks on Google Maps (abhijittomar.com)
549 points by motiw 3 months ago | hide | past | web | favorite | 190 comments

I do a lot of Google Maps moderation and there’s a ton of bad changes being attempted every day. Honestly I’m amazed Google doesn’t bother to vet anyone really. Becoming a local guide is easy and not that difficult for a spam group to create enough fake accounts to get things pushed through. Just last night I caught the local Target that was reclassified as a “prison”.

What Google needs to do is lock information for verified businesses or businesses they’re directly scraping from the Corp location pages.

Why do you work for Google for no pay? OpenStreetMap always needs work. Help the community.

Honestly for me it boils down to Google maps being just a superior app. It's not even the amount of data in itself(which is a lot already tbh) but just the app being better. I don't think I have seen a decent OSM app yet.

OsmAnd is far superior to Google Maps in my opinion, especially for backcountry offline navigation. It's one of the most important apps when traveling abroad or when cell service is spotty. Google Maps is basically useless in rural South America, for example... and OSM is actually more up to date than Google Maps when it comes to river crossings, etc... and POI data is available for offline use. Google Maps can't even do offline navigation and rerouting.

Backcountry offline navigation in rural South America is far from what most people are using a mapping app for, though.

> Google Maps can't even do offline navigation and rerouting

Yes it can, you have to download the area in advance but I use it offline all the time as I have no mobile data plan on my phone.

The whole feature is clearly an afterthought. There are so many issues with it you're much better off getting another app that's designed for offline navigation.

How does OsmAnd handle traffic? For my commute I religiously use Google Maps to learn about accidents or other blockages to make my trip shorter. Can I do the same thing with OsmAnd? (I'm thinking no, but I'm unfamiliar with how traffic data really works, so I'm open to learning that I'm wrong.)

It can absolutely do offline navigation - you have to tell it to download an area offline, but if you start navigation for a route that passes through out-of-the-way areas it'll prompt you to download the offline maps.

> Google Maps can't even do offline navigation and rerouting.

The iOS Google maps does offline navigation. I used it just this weekend on a long distance trip. You have to download the data beforehand, but if you have downloaded the data for a region you can search and route to any destination you want.

How do you tell it to download a specific location beforehand?

I'm not sure how to do in the iOS one but I ma sure it's possible because my partner does it. For Android you just need to go in the side panel and there is a Offline Maps button.

OK Thanks

Is that the ugly one where you have to download huge regions to offline just to look at where you at right now?

Huge? Not so much... OsmAnd uses vector maps, which are very small, compared to "offline" Google Maps tiles.

A couple hundred megabytes for an entire country's road system is not "huge".

Like the mobile app itself, Google Maps offline maps are also vector based.

Then how come an offline region of a national park in Google Maps is a larger download than the entire state in OsmAnd?

A couple hundred megabytes to show me a map of where I am right now is huge.

You can use "online" maps and it only downloads the visible region on your screen. It's not a few hundred megs "just to show you where you are" that is utter nonsense.

How about you just actually use the app before you make baseless accusations.

Well I asked whether this is the app with only offline mode, which would imply large downloads. You said that offline mode is so small that it doesn't matter. I didn't make any 'baseless accusation', I am working off your reply, but still without any 'accusation' at all.

How about actually reading people's messages before claiming they're making 'baseless accusations'.

No, it's the one that supports both local and online maps.

Let me know when it gets a trip planner and has a mapmaker alternative.

Both Osmand (osmand.net) and MAPS.ME (maps.me) are mobile applications with a trip planner. To make maps I recommend uMap (umap.openstreetmap.fr) which is superior to the Google Maps equivalent features in every aspects.

Cool, is there a trip planner on desktop? I primarily commute using public transportation so Google's integration with that is super cool and I'd really love something free (as in freedom) that does the same.

> Honestly for me it boils down to Google maps being just a superior app.

And it shall remain that way as long as people work for free on a proprietary Google Web 2.0/3.0 application whereas they could do the same work for a FOSS licensed alternative (such as OSM).

The Google maps app is quite slow and bloated now on my Galaxy S6 and Nexus 5X. I think OSM has a great opportunity to overtake them on the "app being better" metric. Too many features have been crammed into Maps.

Google Maps is a great app, but the data is sometimes lacking. Open Street Maps is far more accurate at bicycle routes in and around Amsterdam, for example. Google regularly misses optimal routes.

Maps.me is great and better than Google.

It's not quite "pay", but Google have a notion of "points" to reward contributors, who they call local guides: https://support.google.com/local-guides/answer/6225851?hl=en

Anecdotally it's mostly credits towards Google's own products, free storage, etc, but also freebies like subscriptions to the NYTimes Crossword, etc -- at least at the lower levels.

Am I the only one who thinks that “Local Guides” is a needlessly misleading name? Before I looked up what it meant, I assumed that reviews tagged with “Local Guide” were actually written by locals, when in fact the author may just as well live on the other side of the world.

It prompts you to review/update info on locations that you've been to recently. Although you can do so for other locations as well.

Never underestimate the power of fake internet points.

They're not fake if they can be redeemed for things that would otherwise cost real money.

> Anecdotally it's mostly credits towards Google's own products, free storage, etc

Not anymore. I finally reached tier 5, but there was no reward no free storage. I haven't received anything. It's B.S.

The tier system changed recently, it's a 10 tier system now, and tier 5 is much easier to get.

I still don't see any tangible rewards. There's nothing listed about tier rewards. The only reward I've seen is getting a useless sticker next to your name.

Google, Amazon and Apple to an extend are all making money by exploiting the internet community spirit.

Every time Amazon sends an email for you to “review” the product, they are asking for free labour :-)

Same with google here.

I usually get a free movie ticket every month or so.

Everyone keeps thinking it’s like a full time job but really it’s a couple minutes whenever I go to post a review.

At high enough levels you also get invited to exclusive Google Guide meetups.

You're doing work for google, so you can invest in google products more?

I always try to submit my changes to both. I would like OSM to be great but I find myself using Google Maps as well, it's good for me for both to be up to date.

Google maps copies a ton of data from open street map. The other day my oddly specific edit on OSM was on Google maps within 72 hours.

Google doesn't seem to do that in my area (OpenStreetMap is way more accurate and up-to-date). I'd be surprised if they do because of the legal consequences for tainting their database with unlicensed data.

Did you set up a follow up test to find out if this wasn't just a chance occurrence? For example, by introducing a feature that exists (some unmapped named side street), but subtly misspelled on purpose.

When I signed up for OSM I checked the box that I consider my contribution to be public domain. I'm sure google checks for that and only imports the public domain changes.

Since my only goal was to get friends to my house instead of some corn field a mile away I accomplished my goals. I can see how someone who makes a lot of contributions would want otherwise, but my goals are different.

How can I contribute to OpenStreetMap? (currently spending a few 5-15 minutes chunks of time on Google Maps)

Just go to https://www.openstreetmap.org/ and create an account, then click on the Edit button and start editing :).

Thanks! For some reason I though I had to download an app and upload and download xml files. (I think I did that a number of years ago but that might have been something else.)

You can do that. There are many different editors for OSM depending on your use case and level of experience. I use josm which is the more advanced option.

Found no Edit button but at least I was able to report a misplaced feature.

Also I realized OSM has got the house numbers in my street correct, contrary to Google Maps.

It's beneficial to the small businesses in my area whom I would like to succeed. I do it to help the meadery down the street, not Google.

It's way easier to contribute to Google Maps, and Maps blows OSM out of the water in features, usability, and data quality.

Just as an FYI, data quality varies heavily based on location. Here in Lübeck, Germany, Google sucks and amongst other things shows non existant streets while OSM is simply correct.

In Pretoria, South Africa, OSM has information outdated by several years while Google does not.

I think SA had a big bulk import a few years back. Unfortunately while this got the map off the ground quickly it fails to build a strong local mapping community.

OSM != osm.org

So point me to where OSM has an official app where I can verify edits with a few taps. Last time I tried to edit OSM there was quite the process and a complex set of rules.

Possibly an effort keep you from scamming people by changing bank contact info?

It benefits other Google Maps users.

Is it actively bad to moderate Google Maps?

Exactly—OpenStreetMap would get more contributions if they had more users. People want to help others, but it's not clear how contributing to OSM does this when so few people use their website.

This is a chicken and egg problem. If you want to support the ideas OSM represents your only course of action is to do so. Complaining that people aren't using it is a defeatist attitude.

And in any case, a lot more people benefit from OSM than you know. Consider that it's not just a website with a map on it, but a downloadable map you can do whatever you want with. There's no other free & public source on geography that even comes close to OSM's detail. And OSM is genuinely better for end-users than Google Maps in many respects.

I'm not complaining, just trying to explain why people don't want to contribute as much. You get the feeling you're doing work for an organization rather than improving a product for everyone. Some people are into that, but I think more people would contribute if OSM had a more usable product.

As opposed to doing unpaid volunteer work for megacorporation Google?

With OpenStreetMap the data I contribute is placed under a free software license and can be reused by anyone; I actively contribute to a community resource, rather than a proprietary database increasing some company's shareholder value.

Google already let's people claim their maps listing via Google My Business. I would be shocked if they couldn't lock edits, or at the very least review them.

I hope Google uses their Duplex tech to review phone number changes though, should be easy to call the existing phone number a few times.

Claiming your listing does not let you lock it in the sense you are thinking of. It's also not very difficult to claim a listing that was already claimed by somebody else -- they will get an email asking them to challenge your claim, and if they don't respond you can take over the listing. That's how it worked a year ago, which is the last time I used it.

You can review edits in Google My Business. But Google will sometimes import a bunch of data from a data broker or some other source and bulk update your listings, which you then need to go in and edit again.

Google My Business is also very, very strict about rejecting addresses it does not think are real, which is a bit of a problem for businesses on newly constructed roads, or roads that were recently renamed. If their address normalizer rejects it, you just can't use it.

When you have a problem, Google's customer service is really, really bad.

This could explain why the scammers were able to claim the bank listings. The two banks mentioned in the article are nationalised(govt) banks, notorious for unprofessional work-culture. (I have an account at SBI) I wouldn't be surprised if the emails from Google went to black hole email addresses, giving scammers ownership of the listings.

On the contrary, if someone claims your business, it's extremely difficult to undo. My mother has this issue with her 1 person LLC - some random person claimed it, and the reclaiming flow was busted last I checked

When I did this a long time ago, I received a postcard to the address on the website, contain a PIN code that I needed to input on line. Don't they do that any more?

Not sure, the issue I hit was that it was legitimately broken when I tried. 500 responses or some such from an API call

Could you change the address (as described in this article) then claim it?

I recently changed a major shopping centre in my state from "Foo Market - The Shopping Capital" to "Foo Market" and 48h later it was approved. I'm not sure which one google would consider more correct and would assume changing a phone number might go through a few more checks but it was surprising.

Also reminds me about the taxi lost and found issue [1].

[1] https://www.gimletmedia.com/reply-all/76-lost-in-a-cab

Really all they do is ask a group of local guides if the title is correct. If a certain threshold say yes the change applies. I’m sure they have some other filters in place though.

I had randomly received a bunch of postcards for incorrect google maps address confirmations recently at my office. Made me stop for a sec and think about how that system works, and the why/ who would try to send out fake requests.

Does Google pay you to moderate? What is the user incentive to commit hours of time to a 3rd party commercial enterprise?

No, Google doesn't pay you when you do work for them as a "Local Guide".

That means that there is little incentive to stop people who are paid by entities that have vested interest in manipulating Google Maps information.

No, it's part of the local guides program they run. They'll show you pending edits and you just approve or decline. I don't spent too much time on it, only when I notice and am in the app.

Stack overflow is pretty popular. Although their recent attempt to "be nice to new users" (which wasn't necessary before, and coincides with the quality of answers rapidly approaching that of Quota) suggests that this won't last forever.

Stackoverflow data is free for anyone to download and reuse. Gmaps is a proprietary dataset. Helping people on SO also feels a lot less like working for a tech megacorp for free.

> (which wasn't necessary before, and coincides with the quality of answers rapidly approaching that of Quota)

It was absolutely necessary. It isn't a "meme" that SO community has hostile users. I hand out a lot of votes when browsing SO because so f many people don't really deserve the downvotes.

> coincides with the quality of answers rapidly approaching that of Quota

Do you perceive Quora to have higher or lower quality answers? I'm having trouble parsing what you meant to say.

Pretty sure s/he means lower

And sometimes fixes to incorrect information get rejected. My first edit was to correct an error where a restaurant had the website of a nearby shop listed. The website contained no information whatsoever about the restaurant (to my frustration, because I wanted to eat there).

My removal of the website got rejected. I think I needed to offer proof of some sort.

Adding info is easier: my second edit was adding opening hours to a shop. No proof needed. My submitted hours were not the official opening hours, because the shop always opens 15 minutes too late.

I am curious what the 3rd party bounty/revenue model is & if fixing/locking edits to verified owners would inversely affect G's & 3rds revenues. I ask b/c every licensed biz owner I know who have not utilized Goog's biz profile service(?) get dozens of calls a week to "activate your Google account NOW!". Quite off-putting & a very significant waste of their(the owners') time deflecting the onslaught.

In turn, I'm amazed that people put effort into databases that are owned by companies. Wouldn't it be much more fulfilling to do the same work for an open database, such as open street maps?

I use the Google Maps GPS to navigate, and have contributed by moving a couple of locations that had misleading coordinates (for example, out in a field instead of pointing to the parking log). Purely for my own convenience next time I'm navigating to these place.

> In turn, I'm amazed that people put effort into databases that are owned by companies. Wouldn't it be much more fulfilling to do the same work for an open database, such as open street maps?

There are tons of open source developers who contribute to code bases that require copyright assignment. They probably do it for the same reasons:

* It's personally useful

* It's useful to a lot of people

* It's (comparatively) easy to do

* It's rewarding in some other way

Most companies require a CLA. A CLA is not automatically equivalent to handing over copyright to the contribution.

In some cases, the company is asking for a license to use+distribute the code (which IMHO should be implied by open a PR in the first place).

For example, you can read Square’s CLA here: https://docs.google.com/forms/d/e/1FAIpQLSeRVQ35-gq2vdSxD1kd...

GPL skips the issue due to the PR having to be GPL to even be published. AGPL might be an issue though? Would it need to be explicit? Still, GPL.

* They're naive

They probably like that it is useful to a ton of people. Work on an open steet database - how many people will see and appreciate your work?

Many of those are just looking for free advertising really as well - in particular if they are a retail front or real estate for sale or let. Just enter in this information you want to give to customers to get a free advertising? Any sane business says yes please.

Do they do a better job combating this style of fraud?

The dominant platform is getting all the attacks. OSM is a huge success on many levels, but unlike Google maps it hasn't become "the phone book" (and never tried to)

But doesn't this imply that it is not a good investment of time to get your name/business in there?

> What Google needs to do is lock information for verified businesses or businesses they’re directly scraping from the Corp location pages.

Here are a few problems with that:

1) Businesses also have incentives to spam by adding lots of vaguely-related words to names, categories and description.

2) Businesses forget that they claimed the listing, and so stale info remains locked for too long.

> What Google needs to do is lock information for verified businesses or businesses they’re directly scraping from the Corp location pages.

If they do that and the correct information changes without them updating, they're (rightfully) going to get sued by those businesses. By having it editable by anyone, they avoid that, even if it results in the information being wrong more often.

Proper ways to deal with this would involve employing actual human beings for moderation, for filling in / updating the map data, or for providing support and a verification process to businesses trying to correct their data.

All three of these solutions cost more money than the status quo and are things that Google doesn't really do anywhere, so I doubt this is going to get better anytime soon.

They'd get sued? Really?

GDPR principle d if the business is a person? (I don't actually know)

GDPR data protection rules apply to natural persons, aka data subjects.


Imagine I am "John Doe, Independent Barrister" and that's my office.

How can a business be a person?

What if my business is "John Doe, Independent Barrister"?

The parent was talking about GDPR, so presumably Europe.

Corporate personhood isn't only an American invention. The German constitution explicitly grants fundamental rights to "artificial persons". The Italian constitution explicitly calls out trade unions as legal persons.

I work at a major community development charity in Canada with 100+ branches across the country. Almost every day, I have to log into Google My Business to reject the "user-suggested edits" made to a particular location's phone number or street address. Half the time, it seems Google auto-approves these user edits, so we get complaints from clients who used the Google info and showed up when the office was closed.

Almost all the time, people will see the address/number listed on Google's search engine snippet, which is larger, has an image and is much more conspicuous than anything else on the screen. They'll make their plans around that, instead of clicking on the #1 search result, which is our website showing the official hours.

It's incredibly irresponsible for Google to let any Tom Dick and Harry make changes to this type of information, and then display it to the world without posting so much as a disclaimer to users to verify with the actual site.

Maybe you can sue Google for negligence.

A local taxi company near me was relisted on Google maps using a pay-per-minute redirect service. The scammers get paid, and the customer is non the wiser until they get their bill.

I was charged about £5 for a 30 second call.

Yep, years ago, we needed to call the NHS (out of hours doctor) and looked it up on Google, first result (sponsored) turned out to be a premium rate pay per minute redirect number. That turned out to be a £90, 30 minute call when we got our bill. I believe this practice is now harder to do or not possible.

Is it so hard to remember the number "111"?

It wasn’t 111 years ago when we needed it.

Were they even using phones 111 years ago?

Fair enough.

I thought those were restricted to specific area codes. I think the phone company should be liable in scams like this. Also, there should be a way to block all pay-per-min calls on your phone. This is one of those areas government needs to regulate.

All premium rate numbers in the UK begin 09.

(0870 is "national rate", which can be more expensive than it ought to be, but not to the level available on 09 numbers.)


I work on maps spam. I was wondering if you could dig up a link to the maps business, and include a rough idea of when this occurred.


The UK phone number plan allocates the prefix 09… (or +44 9…) to premium rate numbers[1]. A change to an 09 number should be a red flag for the edit — I'd expect very, very few businesses to use a premium rate number as their main contact number. In fact, it seems many categories of business are banned from using them [2].

Some other European countries have similar prefix-based number allocation systems.

[1] https://en.wikipedia.org/wiki/Telephone_numbers_in_the_Unite...

[2] http://www.fairtelecoms.org.uk/service-numbers-084-087-09-an...

I've tried to report this map spam before - details at https://shkspr.mobi/blog/2018/04/hundreds-of-thousands-of-sp...

Happy to be contacted if you'd like more information.

Your blog post appears to be conflating Google Maps with MyMaps. MyMaps lets people create & publish their own maps with random POIs: for example, here's a map of nice wineries around Melbourne.


However, these do not show up in the "main" Google Maps, and adding spam to them isn't any more effective than adding spam to a random website.

Disclaimer: I used to work at Google Maps.

I mean, the url for these spam entries starts "Google.com/maps" so I think it is pretty reasonable to call this Google Maps spam.

I don't remember how I found those specific ones, but using Google Maps for Android finds some pretty similar entries. Perhaps you could pass that on to your old team?

Sure, send me a mail and I'll do my best.

That is amazing! IIRC in the U.S. there's a few second "grace period" where there's supposed to be an announcement that says "this call is $2 a minute" where you can hang up immediately and not get charged. I presume that's not how it works where you are!

It unfortunately isn't!

Were you able to dispute this charge?

I told my phone company, they wouldn't refund.

I also reported the number to the communications ombudsman .. haven't heard anything since unfortunately.

I had dealings with a UK Ombudsman before, they said the company had promised not to do it again so the case was closed ... I was a bit surprised that they trusted businesses so much.

I would have switched phone companies that day.

I didn't know they even had pay-per-minute services anymore. Does Twilio allow someone to set one up?

As long as the phone companies get paid for them, they'll keep letting you dial them.

What would be a legitimate use case for redirect services?

When they were big in the U.S. (976-xxxx days, before they moved to 900-xxx-xxxx), they were mostly astrologers, fortune tellers, and phone sex lines.

The only one I've seen in a very long time was for a psychic reading over the phone.

"I predict... you will lose a modest amount of money...."

Once upon a time redirects were used as pricing mechanism for phone-based "apis". So you could call some weather forecast, or sports analysis, yada yada. I don't know if these still exist, it would not surprise me if redirects are used mainly for fraud nowadays (they are huge in voip call centres breaches).

Believe Shazam also started as such a dial in service.

Indeed - I bought some early Bluetooth headphones that have a 'shazam' button, and pressing it would Dail their 4 it 5 digit UK number at the time. I think it was something like 2580 (the numbers straight down the centre of the dial pad.) Calls were capped at 50p I think and you got an sms response with the song title and artist fairly swiftly.

Strange how fast things change hey! Old news article about shazam and aqa https://www.cnet.com/uk/news/shazam-aqa-the-answer-is-on-you...

This company described the service as 'revenue sharing' .. http://www.callagenix.com/numbers/090x-premium-rate-numbers

If you own a business, you give your redirect, expensive number to clients you don't care much about so they don't call bitching about stuff (quality of whatever you sell, etc) and then you give your direct, free number to clients you don't want to lose.

I got burned by a similar scam with information changes in google. I was looking for a specific restaurant in google and used the given address to get there. When I got there I found out it was a different restaurant. I asked about the other restaurant and they told me the other restaurant had gone out of business. A complete lie.

I'm sure they hired a company to promote them and they used this trick to increase their customer base.

Never trust the company info google gives you without double checking. It's very easy for anyone to change the business info without proof of ownership.

Could very well be a scam. Or it could just be that the big tech companies really suck at information verification.

My small company gets three or four phone calls or e-mails a week from people who think it's a different business, and each time I ask, they say they got the number from Google.

Looking at my e-mail, the most recent one was from someone who wanted to place a big catering order with a Subway sandwich shop about 2,000 miles away.

I don't blame Google exclusively, though. For almost ten years, Facebook has been telling people that I am a large building in another state.

I don’t initially trust anything on he internet without second source verification. The internet is just one big scam pot today and at the same time, since using it before wide spread public use, I’m fascinated with watching it evolve, devolve since then.

Not the internet per se, scams are all over society. It's sad but true.

>A complete lie.

How do you know it's a lie?

I called a friend and she gave the right address. I drove there and had my meal.

If Google is going to have customers remain on their site for search information they have the duty to ensure it is accurate. More and more searches are now given a placard that is either community generated or scraped whether it be maps or the main search. A search that used to feature a link to the bank's "Contact Us" page is now being taken by Google with the link being buried further down between more ads. I get this is to help Google provide voice searches (with the great side effect that Google gets people spending more time on their site), but with that revenue comes a responsibility to do more to ensure it is accurate.

they have the duty to ensure it is accurate

Accuracy doesn't pay. Giving results that are "pretty close" keeps people searching and searching and searching for what they need, and racks up the ad dollars.

Or, at least they could accompany the non-verified details with labels that clearly marked them as such ("Unverified phone number: ...").

Most people want to remain anonymous on the internet or have disposable IDs and profiles. And yet they expect Google to somehow ensure that people are who they say they are. This is a hard problem and it won't be solved as long as people want it both ways.

It's not that people don't want to ever be identified, it's that they don't want to constantly be identified and tracked with no way to opt out.

This is also a false dichotomy: Google not tracking us online would not prevent it from verifying our true identities with regard to e.g. editing maps information.

We expect Google to ensure that businesses are who they say they are.

The dirty truth is that it isn't accuracy but what people want that keeps them coming back. If I were to set up a hillariously inaccurate database that used machine learning to generate incoherent transcripts I would get way more traffic then if it was accurate. This isn't new at all. People pay more attention to the ballad which attributed a single soldier pushing through a phalanx than the truth it was his own phalanx combined with a flanking auxiliary that broke through and gave victory.

Similarly Google was never about accuracy per say but indexing. It says what people are saying essentially. People may say that Ted Cruz is the zodiac killer but he would have been way too young in reality - amusing as the actual police sketch resemblance is. It just isn't capable of knowing the truth and that isn't its true purpose any more than a regex is to give you dictionary definitions.

I do wonder what would make a better system for maintaining these sorts of things. The whole identification and authentication systems in place are honestly pretty bad in legacy systems both technically and legislatively - combines with rightful concern about abuse potential in upgrades make it seem like something which will take generations to solve.

The same thing happened to a cousin of mine. I wrote a (somewhat more detailed than this article) blog post about it a month ago. Didn't gain any traction on HN then but here it is: http://blog.abhijittomar.com/2018/10/19/google-business-clai...

Yes, that's a good article and has more detail than either the submitted url (https://www.businessinsider.com/scammers-edit-google-maps-ba...) or the one it points to https://www.thehindu.com/sci-tech/technology/a-new-bank-scam..., so we've switched to it above. Hopefully it will gain some traction on HN now.

(You won't get the HN karma, but we plan to implement karma sharing for cases where multiple submitters contributed.)

Thank you.

I've added the news links to my article for reference as well.

There is some scam going on in Lake Powell, AZ. We visited there in September and yelped a well reviewed place: CNG Burgers. We arrive there and can't find it. It simply isn't there. And not just isn't there - there is NO trace of it on the building that matched the address (like where there would a lighter shade of paint behind where the restaurant sign was - at least according to the photos on Google Maps).

Oh well, onto the restaurant across the street. Asked the waitress there about CNG Burgers - she's never heard of it and said that she's worked there for a year. I looked on Google Maps and CNG received a ton of recent reviews.

Reading this thread compelled me to look at it again. Finally, Yelp is listing it as closed (I reported it as such), however, there are reviews as recent as 2 weeks ago.

On Google Maps, it's still active - all recent reviews by Local Guides.

Still not sure what it all means.

There's a new business model where a restaurant is just a kitchen that delivers. No need for a dining place. Uber eats and such give new restaurant owners the flexibility. Given that the majority of new restaurants fail within 5 years, this is a great option. This could be the case with CNG Burgers.

Some companies decide that they should have a physical address for places like Yelp. I suspect you have to have an address for people to review your business.

Is it a scam? In some sense yes but what do you if all you want to do is deliver?

This one? http://pageburgers.com/directions.html

Google maps has an image capture from May 2018 with their sign up.

I know. https://i.imgur.com/s5qesHC.jpg

Except, the restaurant is not there. None of the signs are on the building except for Lake Powell Realty. Not the "Restaurant" sign on the left, not the CNG Burgers sign in the middle. And the reviews kept on coming even after we left.

So its closed and google hasn’t removed it. The restaurant bought some fake reviews that are still coming in.

This isn’t a scam like the article is talking about, just google failing to update a listing and letting in bad reviews.

A couple of years ago, I needed to find a limo service for an old family friend, for a memorial service. It'd been some years, but I knew of and used to use one of the top two limo services in my metropolitan area. (In my area, in a perverse historical twist, a shared limo ride to the airport was substantially cheaper than a cab ride, as well as pretty much guaranteed timely as well as more comfortable.)

I'd heard that this was one business area where fly by night companies, and outright scammers, had been stuffing and, where possible, gaming search engine results -- meaning, given their market dominance, Google results.

I searched for the company -- mind you, a relatively large livery service with a diverse and well-heeled customer base, sure to still be in existence -- and sure enough, the search results were full of hits purporting to be them or part of them, or just playing on minor variations of their name. If nothing else, the phone numbers didn't look right to me as compared to my vague memory, formed back when people still dialed numbers.

Anyway, eventually I pulled out an old, physical yellow pages I'd been hoarding, looked them up in that, and called. They had changed that particular number, although not to something looking like one of the scam results. They had numbers from back when people faced in-state toll charges on phone calls, and since they covered an entire large metropolitan area, they had at that time registered numbers in several local exchanges, to make customer calls to them a local call (just pick the number having a local or non-toll exchange).

They still had the number from the yellow pages, though, assigned to an internal extension, and the person who answered took time out of their day to provide first rate customer service for the family friend.

The first rate service was still there. However, finding it through a Google search was a risky venture.

I'm not at all surprised that Maps contents is being exploited and gamed. I guess I'll hold on to that old yellow pages book a bit longer.

> They had numbers from back when people faced in-state toll charges on phone calls, and since they covered an entire large metropolitan area, they had at that time registered numbers in several local exchanges, to make customer calls to them a local call (just pick the number having a local or non-toll exchange).

Totally unrelated to people scamming others on Google, but I love little bits of telephone trivia like this. A large plumber and an unrelated large handyman company in my hometown metro both have the same style of phone number: "just dial your area code then [seven digits]."

One other thing we had growing up in that area were the concept of "metro numbers." Back in the day, the area was divided up into three different incumbents and it wasn't always the case that a person physically near you would have a number you could call for free. So metro numbers were ones in specific exchanges that anyone in the six-county area could call with no toll charges. Since all metro numbers were in a handful of exchanges and, because the three old incumbents crossed area codes as well, didn't always follow area code rules (e.g. you could be physically in area code 123 but get a metro number in area code 198), you'll see old businesses with old numbers in area codes where they "shouldn't be."

My mobile number is like this. It is a metro number and has an area code and prefix of one side of the metro area but if you look it up in any of the telco databases, those listings say it is "homed" to two counties away in a different area code.

You might enjoy this. I was growing up in the countryside in the late 80s when BBSs and services like AOL started to take off. We were too far away from anything like a city for them to be a local call, so my use of them was extremely limited. I had a friend who lived a few miles closer to the nearest city and they were a local call for him, so we’d always spend a lot of time on the BBSs at his place.

Eventually we came up with a brilliant scheme. My friend’s father had a home office with a dedicated phone line. He had signed up for call forwarding so he could be reached when he was away. But outside of business hours, the line sat idle. The process of changing the forwarding number was totally automated and free. Calling his number was a local call for me, and calling the interesting services was a local call for him, so I could bounce through his line (with his permission, of course) to call these things for free.

I do enjoy this, thanks. It reminded me of another memory: Growing up, my house sat on the border between two of the incumbents. It was odd enough that dialing the Operator got the pre-connection announcement for the incumbent that mailed us the phone bill but calling Information (411) got the pre-connection announcement for the adjacent city's incumbent.

This also happened to make my hometown one of a handful that could call local numbers served by either incumbent in the same area code. I was doing work for a tiny ISP and my boss asked my parents if he could put a Livingston PortMaster 16 in our house and hook up 16 phone lines in exchange for paying my parents a small sum and giving us free Internet access by sharing the connection with the PortMaster.

We agreed and, thus, I became one of the few teenagers at the time to have high-speed wired Internet at my house. (None of my peers gave a crap but I loved it.) The phone company was less overjoyed because we consumed every available pair in the cross-connect box at the end of the street and nobody on our block or the next one over could get an additional phone line for months until a new box was added.

(As a capper to the story: A second cross-connect was added...but the tiny ISP went bankrupt a month later and all 16 of those lines were disconnected, rendering the shiny new cross-connect pointless.)

Why would you need to dial your own area code? (Unless you're using a mobile, I guess.)

Did you check if the number listed on Google reached them too?

In 2014 Bryan Seely wiretapped FBI and Secret Service exploiting the Google maps (lack of) verification process.

According to his tedtalk, Google was not to eager to fix the problem and it seems things didn't change much since then.


A very well known CA company uses these details as a method of verification for EV certs.

Wait, Google is seriously just taking people's word for this stuff? What happened to the Semantic Web and getting information from official websites? They've essentially created OpenStreetMap, but with less transparency.

So how will this work with the new Google Duplex ai assistant auto calling a scammer for you? Yikes.

In college I was somehow made the owner or something of my department building’s google maps entry. I worked for the department, so my .edu google account was in some admin/staff group I guess. I kept getting emails asking me to update the listing and definitely considered some harmless pranks/light vandalism.

I've considered myself fairly resistive to various devious scamming efforts but recently they have upped the game at completely new level. Other day I received text message that my XYZ card had suspicious charge and my card was disabled. To re-enable the card I must call 1-800- number. I absolutely believed that! That number is in fact fake number to get all your bank details!

These are clear attempt for theft. For physical attempts I would call police and that's one of the big restraint on rampant theft attempts. But there is no law enforcement infrastructure set up to report and act on electronic thefts easily. These thieves can easily be traced otherwise as their 1-800- numbers are public.

If you are in the US you can submit reports to the FBI Internet Crime Complaint Center (IC3).


When I've had these I've always called the number on my card instead.

Which is exactly what you should do. Or look up the number from the bank's own secure web site.

I check phone numbers with yellowpages.com if I'm unsure, we've come full circle...

How do you know this is legit? Does the yellow pages verify every listing? If a company neglects to register a yellow pages slot, how hard is it for someone else to register it? Genuine questions (and I'd guess it changes by country); Google does a fair bit of effort to get business owner to claim their property on Google (again, probably changes by country); if they don't do so, then how different is it to someone neglecting to put their yellow pages entry in?

@askvictor Not guaranteed legit but possibly less likely to be abused than GMaps. https://business.yellowpages.ca/onboarding/#/search I actually look at the local paper book yellow pages sometimes for local businesses - sometimes you find good people who haven't bothered to get online.

You have to pay to be in the yellow pages, so that both discourages scammers and provides identity confirmation (bank account or credit card number)

Probably a small price to pay for scammers, and I wonder/doubt if anyone actually confirms the details - yes, it might be possible after the fact, but by that point the damage is done.

I'd say the safest thing is to call the number on your bank statement or the number on the back of your card.

Also good to verify the phone number on the company website.

I basically don't trust the search engine "summary" info that is presented in search results. I always go to the actual website of the business to get contact info, addresses, etc.

I am lol as I changed the profile picture for one country's central bank a long time ago because I was dumbstruck by the offer to "Claim this business" and just had to try it out.

It has been fun watching the edit wars over the hours of the Yucca Mountain nuclear waste site. There are times it has been OPEN and times it has been CLOSED and times when it is OPEN for 2 hours on the weekend, presumably for a pickup of household radioactive waste.


I know "Scammers are changing the contact details for banks on Google Maps to defraud people" is 4 characters too long but maybe "Scammers changing the contact details for banks on Google Maps to defraud people" is better than what it currently is? "changing the contact" alone doesn't make a lot of sense.

Or drop people: “Scammers are changing the contact info for banks on Google Maps to defraud”

The the is supefluous too: "Scammers changing contact details of banks on Google Maps [to defraud]". But the "defraud" coming at the end and not being just "fraud" is poor in English. However, "scammers" are pretty much synonymous with "fraudsters", so the "to defraud" is probably superfluous too.

I hope you apply the same reductionism to problem solving as well.

Got any tips on using it in practice (you seem to be at a higher skill level than most)?

I try, I'm not an engineer, my critical faculties are better than my constructive ones -- I do think I'm pretty good at succinct and accurate writing though. Unfortunately I'm not able to make best use of these skills at present.

What field do you work in?

In fact, if you live in China, you will know that the information provided by search engines is not always right. Some frauds are even carried out with the help of search engines, for example, putian

Reminds me of the time I claimed the Google SF office on Google maps.

I've seen more than a couple instances of terrible addresses being marked on Google Maps. Painful while ordering food or taking an Uber.

Why he didn't call the phone number on his debit card or bank's web site?!

Not to blame the victim, but this is an apt example of social engineering at work. The so-called 'educated' person in question is not too aware I guess. All the banking institutions send you a gazillion emails about not sharing your card information ever with any employee. In fact it has come to a point that the government of India runs TV ad campaigns regarding this on all the channels under the sun. So the ignorance of the victim is to blame for this as well.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact