Google My Business phishing is increasing with hackers developing various ways to gain business controls on local profiles

Joy Hawkins from Sterling Sky has recently reported some incidents in which hackers used different methods to gain control of business listings on Google My Business (GMB). After gaining the access, they get to do anything they want with the profile of that business, and surprisingly, Google My Business is not providing enough support to genuine business profiles when they complain about such phishing attempts on the GMB forum!

One of the methods that these cybercriminals use is to go on a business listing, there, they see an option of ‘Claim this business’, this is what they click on and their action generates an email that goes to the verified or registered owner of the profile. The email requests for business control over the listing. Since the verified owners get this email request, thankfully some of them remain safe. But that does not mean that this method is not seeing any success! As per Joy Hawkins, recently only a law firm’s listing got hacked, and then it was used to sell leads to other personal injury lawyers!

Now, this shows that the hackers are skilled enough to dupe even lawyers, and they do not shirk from messing with law firms even! So, everyone needs to be really careful about their business listings on Google My Business. A Google spokesperson said that when a business profile owner receives an email request to manage or to transfer the ownership of the business listing, they must decline the request, whether it comes from a known person or some stranger.

The real owners must understand that the rights to manage or even own a Business Profile on Google My Business are only granted if the verified or registered merchant accepts the request made by a requester, and the requester also proves their association with the business.

Another hack that these cybercriminals can be using is the merger of duplicate. Rasmus Himmelstrup from Resolution Media in Denmark accidentally proved this. Now, what happened was that Rasmus’s client was a European optometry chain called Specsavers. In Denmark, it goes by the name of Louis Nielsen. On the other hand, there is a large Danish supermarket chain called Bilka.

Both Bilka’s and Specsavers’ listings got flagged as Duplicates by Google, and then they were merged. Now, this flagging could have been done by a third-party, or by Google itself. Anyway, since both the listings got merged, their information also got all mixed up on Google My Business.

Rasmus reported this to the GMB Support, and their response was to ask Rasmus to prove that the Specsavers’ location actually existed! Then he was asked to delete the duplicate and re-verify Specsavers, which he did. But the point is that Rasmus’s company is a competitor of Bilka, and if Rasmus wanted, he would have done anything to mess up with Bilka’s information and reputation through Google My Business.

So, Rasmus did not do anything like that, but hackers can use this method!

Fake listings, bogus reviews, anything can harm the reputation of business profiles, and especially the small businesses are at a higher risk. They can lose their potential clients if they are not careful enough. Also, Google must train its support team to do better in the future!



Read next: Microsoft warns that the SMS and Voice format of Multi-factor authentication is unsafe and un-encrypted, so it should be abandoned, and app-based authentication protocol must be used
Previous Post Next Post