Google Maps: Network of fake stores collects user data

Contents

Google is suing a man from the US state of Maryland, whom the search engine company accuses of creating fake business listings on Google Maps as part of a fraudulent network. Users who contacted the alleged businesses via their Google Maps appearances unknowingly disclosed their data to the fraudsters, for example by making requests to fake locksmiths.

According to the indictment, the accused teamed up with several other people and created a series of fake business profiles on Google Maps, for example of towing services, garage builders or locksmiths. He is said to have maintained these mainly in the area around the US capital Washington D.C., but also in Turkey, for example. Around 150 such fake businesses are said to have been involved.

Common practice in Germany too

Such profiles – which of course are not all fake – can also be found in Germany, for example if you search for a particular store in your area using Google. If the store has such a profile, it is usually displayed at the top with a picture, telephone number, opening hours, address and other important information. It is often also possible to contact the stores directly, for example by text message. This has long been common practice and is also used by several real businesses in Germany. Google users can also leave reviews, which are intended to ensure the authenticity of the Google sites.

But this is precisely what the accused took advantage of by falsifying the corresponding reviews with his accomplices. He targeted Google users who needed help quickly, for example because they had locked themselves out or their car had broken down. Google Maps can then be used to find a key or towing service in the immediate vicinity – and typically contact them straight away. However, the accused never intended to respond to such requests.

Victims often ended up with rip-off artists

Instead, he used the requests to generate data records with the information provided by his victims, so-called "leads", to sell them on. This also happens in the legal sector, but with the customer's consent and as part of genuine services.

In this case, the data from the inquiries often went to genuine companies with the corresponding offer. However, these were often dubious offers, such as locksmith services, which then charged Google users much higher fees than agreed in the fraudulent request. Anyone who became a victim and then wanted to complain to Google about the dubious Google site was in a bad position. The defendant regularly changed the websites at the respective addresses to entirely different businesses. For example, the company "ByDennis Cleaner" was shortly afterwards the locksmith service "MS Locksmith" – same address, different fake appearance. The defendant often garnished these with links to deceptively real-looking websites. Occasionally he made less effort: for example, the address of a supposed garage specialist led to a US National Guard barracks.

But on the whole, the scam worked, with customers' data being passed on to buyers without their consent, often with dubious business practices. The defendant is said to have engaged in similar shady dealings worldwide for years, including offering false Google reviews for sale in Israeli Facebook groups, for example. Eventually, however, the number of user complaints to Google increased and the constant changes to Google appearances (over 1000 from the beginning of 2023 to mid-2024) caught the search engine operator's attention. It was eventually able to identify the defendant and sued him.

Incidentally, creating false reviews or even false business listings on Google is prohibited by the terms of use, Google's Chief Legal Officer Halimah DeLaine Prado made clear once again in a statement on the case. The current legal dispute is a result of Google's efforts and sends "a clear message that impersonation schemes will not be tolerated", he told Business Insider. Google uses a range of tools to protect companies and users from such attacks.

Users should be vigilant

The US Federal Trade Commission (FTC) generally advises Google users to be vigilant. For example, by checking the URL of a company. It is also advisable to search for reviews or complaints about the URL or the name of the company to see if anyone has ever warned about it.

(nen)