By Patricia A. Pramono • Studio 1080, Published on August 14, 2024
TABLE OF CONTENTS
A new wave of cyber scam has hit Indonesia. In this very week, we have witnessed an alarming surge of it, specifically targeting the Google Business Pages of numerous establishments across the nation. This wave of digital fraud has affected a wide array of businesses, from prominent hotels and major banks to small local enterprises. The scammers have cunningly exploited vulnerabilities within Google's platform, allowing them to make unauthorized changes to critical business details. These alterations often involve inserting fake WhatsApp numbers or contact information into the business name, description, or address fields, leading to a cascade of confusion and financial losses among unsuspecting consumers.
This issue has quickly escalated, catching the attention of both the public and business community, as the scale and sophistication of these scams are unprecedented in Indonesia. The ease with which these scammers have managed to infiltrate such a widely used and trusted platform has raised significant concerns about the security of online business information. With the trustworthiness of Google’s services under scrutiny, businesses and consumers alike are left questioning how this could have happened and what steps can be taken to prevent further damage. As reports continue to surface, it becomes evident that this is not an isolated incident but part of a larger, more coordinated attack that could have long-lasting implications for Indonesia’s digital landscape.
Background and Context
Google Business Pages have long served as a vital tool for businesses worldwide, offering a reliable and accessible platform for connecting with customers. These pages are essentially digital storefronts, providing key information such as addresses, phone numbers, operating hours, and customer reviews. For many businesses, especially those with a strong local presence, a well-maintained Google Business Page can significantly enhance visibility and credibility, driving both traffic and online engagement.
However, the recent wave of cyberattacks has exposed critical vulnerabilities in this system, revealing that even the most trusted digital platforms are not immune to exploitation. Historically, Google’s business listing services have been seen as secure, with mechanisms in place to allow legitimate business owners to control and update their information. Unfortunately, the recent incidents have shown that these controls are not foolproof. Scammers have found ways to bypass verification processes, gaining unauthorized access to business profiles and making deceptive changes that mislead customers.
These scams have not only tarnished the reputation of affected businesses but have also shaken consumer confidence in the reliability of Google’s services. The consequences extend beyond immediate financial losses; they also involve long-term damage to brand integrity and customer trust. As the digital economy continues to grow, the security of online business information becomes increasingly critical. This recent breach serves as a stark reminder of the ever-evolving nature of cyber threats and the need for continuous improvements in digital security protocols.
The Recent Wave of Scams
Numerous businesses have fallen victim to hackers who have gained unauthorized access to their Google Business Pages just in this very week. In many cases, the scammers did not directly alter the official contact numbers. Instead, they inserted fraudulent WhatsApp numbers into the business name, description, or address sections, misleading customers and causing chaos.
Netizens have been vocal and expressed their concerns over the incident, “No official response yet regarding this major issue? It’s affecting everything from small businesses to major institutions.” While others share their experiences, “I was a victim too! At first, they claimed to be the owner in the Q&A section, providing a fake WhatsApp number. Recently, they even added a fake customer service number directly to the business address.”
The scam has affected businesses across major cities, including Jakarta, Surabaya, Bandung, and more, creating a nationwide crisis.
How the Scammers Operate
1. Exploiting Google’s "Suggest an Edit" feature
This feature allows users to suggest changes to a business's information, such as its name, description, address, or contact details. While intended to help keep listings accurate, it can be manipulated by bad actors. When these suggestions are made, they are often approved with little or no verification, leading to the addition of fraudulent contact information like fake WhatsApp numbers or email addresses.
2. Attempting to gain ownership of the Google Business Profile
They might click on the “Own this business?” link, which triggers a request email sent to the current owner. If the owner or an unsuspecting staff member mistakenly approves this request, the scammers can take control of the profile, lock out the legitimate owner, and manipulate the information for fraudulent purposes. This includes changing the business name or category, which can mislead customers and cause significant reputational damage.
3. Fake reviews
Another tactic used by scammers is leaving fake reviews to lend credibility to the fraudulent changes. These reviews often contain misleading information, directing customers to contact the scammers instead of the legitimate business. Additionally, scammers might pose as Google employees through spam phone calls, convincing business owners that they need to pay a fee or provide access to their profiles under false pretenses. This can lead to unauthorized changes or even complete loss of access to the profile.
4. Local Guides program
Some sophisticated scammers also utilize the "Local Guides" program, which allows users to contribute reviews and suggest edits. By gaining a trusted status as a Local Guide, scammers can more easily manipulate business information and avoid detection.
Businesses have reported that even when they manage to correct these fraudulent changes, the scammers often return and re-edit the profiles, leading to a continuous cycle of deception. This has caused frustration among business owners, as repeated attempts to maintain accurate information are thwarted by persistent attacks.
Impact on Businesses and Consumers
The impact of these scams extend beyond mere financial loss, with businesses across Indonesia, from large hotel chains to small local shops, experiencing a sharp decline in customer trust due to the fraudulent changes made to their Google Business Pages. When customers contact these businesses using the fake numbers inserted by scammers, they often fall victim to various types of fraud. For instance, individuals looking to book hotel rooms or rent housing have been misled into making deposits to scammers, believing they were dealing with legitimate businesses.
These scams have not only led to direct financial losses but have also severely damaged the reputations of the affected businesses. When customers realize they have been scammed, they may associate the negative experience with the business itself, even though the business was also a victim. This erosion of trust can be difficult to rebuild, especially for smaller businesses that rely heavily on their local reputation.
Responses from Authorities and Businesses
As reported by CNN Indonesia, in light of these widespread attacks, business associations such as the Perhimpunan Hotel dan Restoran Indonesia (PHRI) have been quick to act. They have filed formal complaints with local authorities, including the police and cybercrime units, urging them to investigate and take action against the perpetrators. PHRI has also called on Google Indonesia to implement stronger security measures to prevent further incidents.
However, many businesses feel that the response from Google has been inadequate. Despite the severity and scale of the attacks, there has been a noticeable delay in Google's response, leaving many businesses to fend for themselves during the initial stages of the crisis.
Preventative Measures
To safeguard against these types of scams, businesses are encouraged to take proactive steps in managing their Google Business Pages. First and foremost, regular monitoring is crucial. Business owners should frequently check their profiles for any unauthorized changes and immediately report suspicious activity. It's also recommended that businesses secure their Google accounts with strong, unique passwords and enable two-factor authentication (2FA) to add an extra layer of protection against unauthorized access.
In addition, businesses should limit the number of people who have access to their Google Business Profile, ensuring that only trusted individuals can make changes. It's also advisable to regularly back up business information and to keep detailed records of any changes made to the profile, which can help in quickly restoring accurate information if an attack occurs.
For consumers, it’s important to double-check business contact details through multiple sources before making any transactions. This could include visiting the business’s official website, calling the main office directly, or using other trusted online directories to verify information. Consumers should also be cautious of any unsolicited requests for deposits or payments and report any suspicious activity to both the business and Google.
Finally, raising awareness among both businesses and consumers about these types of scams can significantly reduce their effectiveness. By staying informed and vigilant, the community can collectively mitigate the impact of these cyber threats.
References:
Akun Google Bisnis Sejumlah Hotel Diretas, Rekening Diganti-Dialihkan
45 Akun Google Bisnis Hotel di Bandung Diretas, Warga Harus Hati-hati
Waspada, Akun Google My Business Hotel di Seluruh Indonesia Terkena Serangan Hacker
Waspada Penipuan! Nomor Kontak Palsu Marak di Laman Google Maps Kantor Imigrasi
Massive Scam Wave Hits Indo Google Business Page
Don’t Let Scammers Steal Your Google Business Profile
Something Seems Phish-y? It Could Be. Watch Out for Google Business Profile Scams
