Are you a homeowner or building manager?
Find a Contractor »

Understanding and Preventing Google Business Profile Scams

Posted on:

A Google Business Profile (GBP) is an online profile or listing for a business or location that includes important information such as location, contact resources, pictures, reviews, hours of operation, and a link to the company’s website. Your GBP appears in Google Maps and local search results when people nearby search for you or something similar to you.
Recently, this resource has been vulnerable to the growing problem of theft on Google. This new scam is harming businesses and destroying the positive online reputation they have worked so hard to establish. In 2021, Google blocked more than 100 million fraudulent GBP edits made by online profile thieves. Additionally, about seven million fake GPBs were removed from Google. Digital scams are growing in recent years, and it’s something for any business owner to be aware of. In this article, we’ll cover how GBP theft occurs and how you can protect yourself.

First: Prevention!

Want to avoid this problem altogether? Follow these five simple steps to prevent the theft of your GBP from happening in the first place.

  • One: Ensure you, the business owner, are the primary owner of your GBP.
  • Two: Create a backup owner account that you have access to.
  • Three: There are different access levels on your GBP. When granting permissions, make sure
    you’re granting only the access level required for that user.
  • Four: Enable two-factor authentication on your Google Workspace email.
  • Five: Limit the number of people that have access to your GBP account.

Now that you know how to prevent GBP theft, let’s take a deeper look into how GBP theft happens in the first place and what it can mean for you and your business.

How Business Profile Theft Occurs

As previously mentioned, when researching a business, all the essential information about that business appears in its GBP. Within the business profile, you’ll see a link prompting the business owner to claim and edit their profile. This is where the trouble begins.

Clicking that “Own This Business?” link prompts an automatic email to be sent to the current owner’s inbox. If you or an employee with access to this email account approves this request by mistake, your profile is now in the hands of a scammer. Once they’ve changed the information to fit their purposes, you’ll most likely be locked out of the account. Worse, if your email account is compromised, there’s really nothing you can do to prevent them from taking ownership and doing plenty more damage.

Additionally, if you ignore this request for access to your GBP, after three days, Google will assume no one has taken ownership of the profile and grant access to the requester automatically. If you see this request and you know that no one in your company has tried to access it, promptly reject the request. You can also file a report to Google about the email account that tried to access your profile.

The intent of a Business Profile thief is to use your positive reviews, images, and other legitimate profile stats to trick the public into getting in touch with them. If you find that your Business Profile has been hacked by a scammer, contact Google support in order to get your profile back. During this wait, trusting consumers may have already been taken advantage of by the scammer, and your positive reviews may start to tank.

Common Tactics Used by Thieves, Such as Phishing Scams and Hacking

As the internet has evolved and technology has advanced, so have the skills of online thieves. Sometimes a scam isn’t as simple as asking for your debit card information over the phone. A lot of scams acted out by internet criminals are easy to fall for if you’re not paying attention.

Should you choose to work with a business and want to avoid being taken advantage of, you’ll need to recognize the most common scams these Google Business Profile thieves use on the public.

Fake Social Media

Watch out for fake social media accounts! Scammers will take the name, images, logos, or other information of an existing company and create social media accounts disguised to look legitimate. While duplicate social media accounts are usually shut down fast, these scammers will use the time they have to swindle unknowing customers with targeted ad campaigns in order to get them to go to their website and steal personal information or money.

Website Dupes

Another common tactic used by internet hustlers is creating a website that looks shot for shot the exact same as the one they are impersonating. First-time customers are vulnerable to this kind of scam, but so are those who have visited the site before, as these websites are almost too hard to tell apart. These fake websites are often stumbled upon by clicking on links in fake social media accounts, ad campaigns, or email blasts.

Phishing Scams

A phishing scam is when a scam artist implements a brand’s logo or name in emails and sends them to real employees or customers. When this happens, if the recipient opens the email and clicks on any links provided, the scammer can access private information such as bank account info, identification info, and so on. The thief can then use this information to steal identities, take out money, obtain credit cards, and so on.

Tax Fraud

You’d be surprised how vulnerable some companies are to tax fraud. Internet scammers look for public documents that contain sales tax numbers or business license numbers in order to file fake tax returns get a large tax refund. If you fear your business may have this kind of information available for anyone to see, it is imperative that you have it removed.

Holding Your Trademark for Ransom

It is possible that an online criminal might take your business name or logo and have it registered as an official trademark. The plan is to have you realize they stole your trademark before you could claim it yourself and hold it for ransom (for a large fee) in order to get it back.

Fraudulent Invoices

Look out for fake invoices that identify as a legitimate business or a business partner of yours. If you’re not expecting an invoice or you suspect a scam, contact the company directly and investigate what’s going on. Do not send over money before confirming the legitimacy of the invoice.

Additional Tactics Used By Online Scammers Can Include:

  • Pretending to be a trusted business in order to gain personal information such as bank account information, social security, passwords, etc.
  • Using urgency to get you to sign something or give over information. Example: discounts and deals that are quickly expiring or one-time offers.
  • Intimidation and fear. Scammers convince you that you need to pay a fee or sign something over to prevent bad consequences.
  • Untraceable payment methods. One of the most common scams. Thieves will request payment via wire transfers, reloadable cards, or gift cards so that you can’t get your money back once its gone.


The Consequences of Business Profile Theft

The consequences of Google Business Profile theft don’t just happen while your profile is being held hostage. Once you get your profile back again, you’ll have to do some serious damage control. Here’s what you might experience after a profile hack has been resolved.

Ruined Reputation

If your clients get wind of this hack and any damages done to those who were in the wrong place at the wrong time, they may not continue to be repeat customers. This can also damage your relationships with creditors and business partners. Your customers may have a change in perception when it comes to your business and not see you as a secure investment anymore. You can lose trust and future business. Not to mention those who were affected by the scam artist will probably leave many negative reviews.

Lost Revenue and Time

Depending on how long the scam artist had control over your accounts, the financial loss can be quite devastating. As a business owner, you might find that due to the significant loss, you may struggle to pay employees, partners, vendors and so on. Get in touch with your bank and try to file as many claims as you can to try to reverse some of the damages. In addition to lost revenue, you’re also going to be spending a lot of time recovering a stolen Business Profile. There are plenty of hoops to jump through to prove to Google you are the rightful owner, and that’s by design. Be prepared to spend a lot of time and effort recovering the listing.

Complicated Tax Disputes

If the person or people that took over your business identity got as far as obtaining fraudulent tax returns, you’re going to have quite a time clearing things up with the IRS. Not only can this take a lot of your time, but can also be a costly process.

How to Detect Business Profile Theft

One of the most obvious red flags is that your Google workspace is having unusual logins. If you’re seeing users you don’t recognize accessing files, especially ones from outside of the country where you operate, you may have been infiltrated. You may also see some failed login attempt emails to your account from Google in your inbox. Don’t ignore these! Other major warning signs can include unusual email activity you don’t recognize originating from your account, or file sharing activities you don’t recall taking. In short, any activity involving your Google accounts or workspaces that you believe is unusual is a sign that something isn’t quite right. Be sure to take this seriously, and involve your IT department or web admin to investigate further.

Remember, being diligent to monitor activity on your Google Business Profile as well as your Google workspace is the first step to preventing unwarranted access.

How to Claim Your Google Business Profile

Claiming your GBP is easy! If your business hasn’t been claimed, go to Then enter the name and address of your business and choose it from the search results. If it has, you can find your business using Google Search or Google Maps, and then select the Business Profile and click the “Claim This Business” link.

If the Business Profile is already claimed, you’ll get a message saying so. If you are authorized to manage the GBP, you can request access from the current owner and fill out an access form. The current owner will then get an email requesting them to contact you, and a final confirmation email will be sent.

If you do need to recover your GBP, check out this GMB Gorilla article and look at the “Submit a Ticket for Profile Reinstatement” section.

Be Vigilant!

If you haven’t already claimed your Google Business Profile, make this a top priority before you run into identity thieves. It’s a very simple process that can save you the headache of lost revenue, a tarnished reputation, unhappy customers, and having to build your business profile back up to its former glory.

Your reputation and resources are at stake. Be vigilant!

RYNO Strategic Solutions

Posted In: Corp Partner Spotlight, Office & Technology

Looking for an ACCA QA Accredited Contractor?

Are you a homeowner or building manager?


join now

PLUS It's Risk Free!