Everything you need to know about SEO, delivered every Thursday.
Google Believes It Has Ended (Some) Hijacked Listings In Google Maps
Recent statements suggest that Google believes it has eliminated the hijacking of claimed business listings in Google Maps, and that hijackings overall (of both claimed and unclaimed listings) are now a rarity.
Speaking last week at SMX West, Google’s Jennifer Chin, also known as “Maps Guide Jen” in the Google Maps Help Forum, said that overall hijacking is “rare” now on Google Maps. I paraphrased Jen’s comments on my Small Business Search Marketing blog:
“We’re confident that hijacking is rare now, and we’ve put in a lot of checks to prevent it. Some cases that look like a hijacking really aren’t.”
Most hijackings on Google Maps involve unclaimed business listings, as Danny Sullivan showed previously when he took over Yahoo’s listing, put it in Microsoft’s name, and turned them into an escort service. The problem here is that Google takes a wiki-like approach to unclaimed business listings, allowing anyone to change them.
The more specific issue surrounds the hijacking of claimed business listings, something that should, in theory, never happen. But in practice, it does.
Mike Blumenthal wrote last week that Google now says they’ve fixed a vulnerability that allowed spammers to take over claimed listings. This was a particular problem in the locksmith industry. From talking with marketers in that industry, Mike learned and described how amazingly simple it was for anyone to take over a claimed listing:
“The ‘blackhat’ would create, in their Local Business Center account, a new local business listing with exactly the same information as an existing Locksmith would. The fields would be identical to the legitimate listing with the exception of a different phone number which Google would verify against. Once the new record was validated, the content would merge with the other data in the cluster but take precedence as the most recent. Once the record was secure in the wrong LBC account, the URL could then be changed.”
Google didn’t specifically explain how they’ve fixed this vulnerability, but using a postcard to verify a phone number change — rather than calling the new phone number — would be one obvious step in the right direction.