nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes

Revealed: Scammers plaster Google Maps with pins to lure punters from honest traders

Research shows how web mapping service can be abused

By Katyanna Quach, 19 Apr 2017

Computer scientists at the University of California, San Diego, and Google, are clamping down on fake businesses trying to scam victims through Google Maps.

Most Google search results are influenced by your physical whereabouts. Googling restaurants, movie theaters, or hairdressers runs up a list of businesses Google Maps believes are nearby. Scammers abused this by registering more than 100,000 fraudulent companies on the popular web mapping service between June 2014 and September 2015.

Essentially, the miscreants spam Google Maps with registrations for business locations so that they have a greater chance of popping up at the top of search results when someone tries to look up a plumber or locksmith, and so on. There's no actual business at all the registered locations: it's just a filthy trick to make sure you come top, or near the top, of the lists.

Ultimately, this steers web traffic and customers away from real companies. Over 40 per cent of the false Google Map addresses are for on-call contractors like plumbers, locksmiths or electricians. And victims are often quoted a low price over the phone, only to demand a higher fee when the crooked contractors show up.

It’s a new form of “black hat search optimization,” the research team wrote in a paper presented at the International Conference on the World Wide Web in Perth, Australia, earlier this month, and publicized on Tuesday.

Besides this, other trickery includes setting up false pins for real hotels or restaurants on Google Maps. Over 12 per cent of fake listings, we're told, attempted to make money by creating websites that directed punters to the businesses’ real website, where customers can make reservations or book holidays. Cash can be pocketed by getting a commission for each reservation or referring traffic to the real websites.

It’s relatively simple to register a business on Google Maps. All that is needed is a Google account, an address and a phone number to get started. The second stage involves signing up for Google Maps. Google will then send a postcard with a verification code to the business’ address. Once the code is entered, the listing is approved and pops up in the app.

Around 85 per cent of these fake applications do not make it to the Google Map stage. But the rest get through, as they rent PO boxes under those specific addresses to nab their verification codes. Multiple sham businesses can be registered by using fake suite numbers for the same address. It takes an average of 8.6 days for false listings to be taken down after creation.

The majority of these counterfeit listings are in the United States (56.5 per cent), followed by India (17.5 per cent) and France (5 per cent). Further analysis shows most activity is concentrated in the most populous states: California, New York, Florida, Texas, Illinois and New Jersey.

Google is cracking down on abuse by detecting common discrepancies in deceptive listings that can be weeded out in the future by anti-spam algorithms. Only a limited number of verification postcards can be sent to the same address, and using non-existent suite numbers is no longer valid. ®

The Register - Independent news, views and opinion for the tech sector. Part of Situation Publishing