Google Business Page Scam in Indonesia: A Growing Threat to Businesses and Consumers
Google Business Page Scam in Indonesia: A Growing Threat to Businesses and Consumers
Industry Updates

By Patricia A. Pramono • Studio 1080, Published on August 14, 2024

SHARE THIS ARTICLE

A new wave of cyber scam has hit Indonesia. In this very week, we have witnessed an alarming surge of it, specifically targeting the Google Business Pages of numerous establishments across the nation. This wave of digital fraud has affected a wide array of businesses, from prominent hotels and major banks to small local enterprises. The scammers have cunningly exploited vulnerabilities within Google's platform, allowing them to make unauthorized changes to critical business details. These alterations often involve inserting fake WhatsApp numbers or contact information into the business name, description, or address fields, leading to a cascade of confusion and financial losses among unsuspecting consumers.

This issue has quickly escalated, catching the attention of both the public and business community, as the scale and sophistication of these scams are unprecedented in Indonesia. The ease with which these scammers have managed to infiltrate such a widely used and trusted platform has raised significant concerns about the security of online business information. With the trustworthiness of Google’s services under scrutiny, businesses and consumers alike are left questioning how this could have happened and what steps can be taken to prevent further damage. As reports continue to surface, it becomes evident that this is not an isolated incident but part of a larger, more coordinated attack that could have long-lasting implications for Indonesia’s digital landscape.

Background and Context

Google Business Pages have long served as a vital tool for businesses worldwide, offering a reliable and accessible platform for connecting with customers. These pages are essentially digital storefronts, providing key information such as addresses, phone numbers, operating hours, and customer reviews. For many businesses, especially those with a strong local presence, a well-maintained Google Business Page can significantly enhance visibility and credibility, driving both traffic and online engagement.

However, the recent wave of cyberattacks has exposed critical vulnerabilities in this system, revealing that even the most trusted digital platforms are not immune to exploitation. Historically, Google’s business listing services have been seen as secure, with mechanisms in place to allow legitimate business owners to control and update their information. Unfortunately, the recent incidents have shown that these controls are not foolproof. Scammers have found ways to bypass verification processes, gaining unauthorized access to business profiles and making deceptive changes that mislead customers.

These scams have not only tarnished the reputation of affected businesses but have also shaken consumer confidence in the reliability of Google’s services. The consequences extend beyond immediate financial losses; they also involve long-term damage to brand integrity and customer trust. As the digital economy continues to grow, the security of online business information becomes increasingly critical. This recent breach serves as a stark reminder of the ever-evolving nature of cyber threats and the need for continuous improvements in digital security protocols.

The Recent Wave of Scams

Numerous businesses have fallen victim to hackers who have gained unauthorized access to their Google Business Pages just in this very week. In many cases, the scammers did not directly alter the official contact numbers. Instead, they inserted fraudulent WhatsApp numbers into the business name, description, or address sections, misleading customers and causing chaos.

Netizens have been vocal and expressed their concerns over the incident, “No official response yet regarding this major issue? It’s affecting everything from small businesses to major institutions.” While others share their experiences, “I was a victim too! At first, they claimed to be the owner in the Q&A section, providing a fake WhatsApp number. Recently, they even added a fake customer service number directly to the business address.”

The scam has affected businesses across major cities, including Jakarta, Surabaya, Bandung, and more, creating a nationwide crisis.

How the Scammers Operate

Scammers targeting Google Business Pages have developed a range of tactics to infiltrate and exploit these profiles, often with devastating effects on the businesses involved. 

1. Exploiting Google’s "Suggest an Edit" feature

This feature allows users to suggest changes to a business's information, such as its name, description, address, or contact details. While intended to help keep listings accurate, it can be manipulated by bad actors. When these suggestions are made, they are often approved with little or no verification, leading to the addition of fraudulent contact information like fake WhatsApp numbers or email addresses.

2. Attempting to gain ownership of the Google Business Profile

They might click on the “Own this business?” link, which triggers a request email sent to the current owner. If the owner or an unsuspecting staff member mistakenly approves this request, the scammers can take control of the profile, lock out the legitimate owner, and manipulate the information for fraudulent purposes. This includes changing the business name or category, which can mislead customers and cause significant reputational damage.

3. Fake reviews

Another tactic used by scammers is leaving fake reviews to lend credibility to the fraudulent changes. These reviews often contain misleading information, directing customers to contact the scammers instead of the legitimate business. Additionally, scammers might pose as Google employees through spam phone calls, convincing business owners that they need to pay a fee or provide access to their profiles under false pretenses. This can lead to unauthorized changes or even complete loss of access to the profile.

4. Local Guides program

Some sophisticated scammers also utilize the "Local Guides" program, which allows users to contribute reviews and suggest edits. By gaining a trusted status as a Local Guide, scammers can more easily manipulate business information and avoid detection.

Businesses have reported that even when they manage to correct these fraudulent changes, the scammers often return and re-edit the profiles, leading to a continuous cycle of deception. This has caused frustration among business owners, as repeated attempts to maintain accurate information are thwarted by persistent attacks.

Impact on Businesses and Consumers

The impact of these scams extend beyond mere financial loss, with businesses across Indonesia, from large hotel chains to small local shops, experiencing a sharp decline in customer trust due to the fraudulent changes made to their Google Business Pages. When customers contact these businesses using the fake numbers inserted by scammers, they often fall victim to various types of fraud. For instance, individuals looking to book hotel rooms or rent housing have been misled into making deposits to scammers, believing they were dealing with legitimate businesses.

These scams have not only led to direct financial losses but have also severely damaged the reputations of the affected businesses. When customers realize they have been scammed, they may associate the negative experience with the business itself, even though the business was also a victim. This erosion of trust can be difficult to rebuild, especially for smaller businesses that rely heavily on their local reputation.

Responses from Authorities and Businesses

As reported by CNN Indonesia, in light of these widespread attacks, business associations such as the Perhimpunan Hotel dan Restoran Indonesia (PHRI) have been quick to act. They have filed formal complaints with local authorities, including the police and cybercrime units, urging them to investigate and take action against the perpetrators. PHRI has also called on Google Indonesia to implement stronger security measures to prevent further incidents. 

However, many businesses feel that the response from Google has been inadequate. Despite the severity and scale of the attacks, there has been a noticeable delay in Google's response, leaving many businesses to fend for themselves during the initial stages of the crisis.

Preventative Measures

To safeguard against these types of scams, businesses are encouraged to take proactive steps in managing their Google Business Pages. First and foremost, regular monitoring is crucial. Business owners should frequently check their profiles for any unauthorized changes and immediately report suspicious activity. It's also recommended that businesses secure their Google accounts with strong, unique passwords and enable two-factor authentication (2FA) to add an extra layer of protection against unauthorized access.

In addition, businesses should limit the number of people who have access to their Google Business Profile, ensuring that only trusted individuals can make changes. It's also advisable to regularly back up business information and to keep detailed records of any changes made to the profile, which can help in quickly restoring accurate information if an attack occurs.

For consumers, it’s important to double-check business contact details through multiple sources before making any transactions. This could include visiting the business’s official website, calling the main office directly, or using other trusted online directories to verify information. Consumers should also be cautious of any unsolicited requests for deposits or payments and report any suspicious activity to both the business and Google.

Finally, raising awareness among both businesses and consumers about these types of scams can significantly reduce their effectiveness. By staying informed and vigilant, the community can collectively mitigate the impact of these cyber threats​.

 

References:

Akun Google Bisnis Sejumlah Hotel Diretas, Rekening Diganti-Dialihkan

45 Akun Google Bisnis Hotel di Bandung Diretas, Warga Harus Hati-hati

Waspada, Akun Google My Business Hotel di Seluruh Indonesia Terkena Serangan Hacker

Waspada Penipuan! Nomor Kontak Palsu Marak di Laman Google Maps Kantor Imigrasi

Massive Scam Wave Hits Indo Google Business Page

Don’t Let Scammers Steal Your Google Business Profile

Something Seems Phish-y? It Could Be. Watch Out for Google Business Profile Scams

 

You may like this...

Cybersecurity Insights
Understanding Malware Threats

Understanding Malware Threats

With digital transformation accelerating rapidly, understanding malware threats is crucial for both individuals and organizations. Malware, short for malicious software, refers to any software intentionally designed to cause damage to a computer, server, client, or computer network.

Read More
Industry Updates
PDN Data Breach and What Does it Mean For Us?

PDN Data Breach and What Does it Mean For Us?

In June 2024, we were rocked by a massive cyber attack that compromised our very own Pusat Data Nasional / National Data Center (PDN)

Read More
Industry Updates
 Ransomware Alert: EstateRansomware Exploits Veeam Backup Software

Ransomware Alert: EstateRansomware Exploits Veeam Backup Software

A newly discovered ransomware operation, dubbed EstateRansomware, has begun exploiting a recently patched vulnerability in Veeam Backup & Replication software.

Read More
Cybersecurity Insights
Ransomware in the Transport Sector: Proactive Cybersecurity Needed

Ransomware in the Transport Sector: Proactive Cybersecurity Needed

In January 2024, one of Indonesia's largest transportation companies became the target of a sophisticated ransomware attack. For an entire week, the company remained unaware that its systems had been breached, giving hackers ample time to infiltrate, exfiltrate, and potentially sell sensitive data.

Read More
Cybersecurity Insights
Cybersquatting & Typosquatting: How Dangerous Are These Cyber Crimes?

Cybersquatting & Typosquatting: How Dangerous Are These Cyber Crimes?

Cybersquatting and typosquatting are types of cybercrimes that involve exploiting domain names to deceive users or profit from the reputation of established brands.

Read More

Search Article by Category