Tech Tip – Protecting Your Google Business Profile from Hijacking
Hello fellow BCN members and guests. During our fourth year renewal spotlight on April 13th, I recounted a tech tip story concerning the dangers of ignoring certain types of notifications that can cause Google Business profile hijacking. This is a follow-up article with more details and what you can do to protect your online presence.
How it Started
Every month I record the visitor stats for our virtual tours published on Google. In May 2022, I noticed the Google Business profile for a furniture store client in Alpharetta was changed.
- The business profile was renamed to Total Garage Care.
- The map marker was moved to a nearby strip mall but Total Garage Care is not a legitimate business at this location.
- All of the virtual tour photos (which show up as blue dots in the image below) still exist but the visitor traffic was no longer connected to the furniture store.
- The furniture store website link was replaced with the generic auto-generated Google business.site page. The scammer did not even bother to change the featured image.
- The customer reviews and photo galley were the only elements left untouched.
I reached out to the furniture store owner and learned that Google had transferred ownership to someone else… without the owner’s approval.
How To Lose Your Business Profile in Three Days
A scammer used the “Claim this Business” feature on Google Maps. Google sent the business owner an email with the title: “You’ve received an ownership request”.
The business owner ignored the notification from Google and never responded to the request. Here is the very important bit. Since the ownership request was never rejected, after THREE days Google automatically transferred ownership to the scammer. The original business owner was then completely locked out. All attempts to use the “claim this business” feature back to the original owner were unsuccessful as the scammer would manually reject the claim.
This is a known scammer exploit that Google has yet to shut down or provide a decent recovery solution. Scammers typically attempt to hold the profile for ransom to force the business owner to pay a hefty fee for its return.
No Help from Google
By the time I spoke to the owner of the furniture store, they had already created a second Google Business profile (losing all of their existing customer reviews, photos, etc.) All of the virtual tour photos were now benefiting the hijacked profile. The scammer never reached out to the business owner for a ransom. My suspicion is that the hijacking was coordinated by scripted bots.
We began the process to escalate the issue through Google Support as this was a clear cut case of a scammer hijacking the business profile. All of the photos and customer reviews were obviously from a furniture store, not a garage door installer. Sounds pretty straightforward, right?
It took four months and multiple escalations just to get a human to respond and eventually agree with our assertion that the profile was hijacked.
Their solution? We were referred to another support department that could return the stolen profile back to the original owner. After another six months of repeated escalations and no contact from Google support, the original business owner had given up hope of recovering the stolen profile.
Scamming the Scammers
I returned to the hijacked profile in February and absolutely nothing had changed. On the Friday before Valentine’s Day, I issued a new “claim this business” request to the hijacked profile, hoping to catch the scammers asleep at the wheel over the long weekend.
It worked! Three days later, I received partial ownership of the profile and limited access to the manager tools.
We immediately updated the profile address and requested a new verification code postcard from Google, which can take up to fifteen [agonizing] days to arrive. Once the postcard arrived, I was able to use the verification code to gain full ownership of the Google business profile.
The final recovery steps took another full week to update all the critical business information and transfer the profile ownership back to the business owner.
The entire hijacking ordeal took ten months to resolve.
While we have become so desensitized to the avalanche of spam in our inbox, never ignore notifications from Google as they may contain an unwelcome surprise that must be addressed to safeguard your online properties. A few quick recommendations:
- Make sure the email is coming from an official Google.com email address.
- Be skeptical of messages coming from gmail.com addresses.
- When in doubt, run a google search on the email title or keywords found in the email to see if the message is a known scam. Chances are someone else has encountered the scam and written about it.
I’ve written about other Google Business profile scams if you would like to read more. If you have any questions, feel free to ask me at an upcoming BCN event.
Contact Mythos Media
Someone will reach out to you soon!
We respect your privacy and will never spam or sell your information.