Thousands Of Hotel Listings Were Hijacked In Google+ Local

Thousands of hotels listed within Google+ Local appear to have had links leading to their official sites “hijacked” and replaced with ones leading to third-party booking services. Google+ Local listings are what Google depends on to provide results in Google Maps or Google Search, when people look for local businesses.

A Hijacked URL

For example, here is the “verified” page for the Courtyard Marriott in Sherman Oaks, California:

The arrows show how the URLs for the hotel’s official website leads to “courtyardmarriott.roomstobook.info” rather than the hotel’s actual page here within the Marriott.com domain [note: the page has now been removed; see the end of this story].

Thousands Of Hijacked Listings

The hijacked listings all make use of links that lead to either RoomsToBook.Info or RoomsToBook.Net. Doing a search on Google for Google+ Local listings using these domains reveals how thousands of hotels appear to have been hit.

For example, a search for listings using the “RoomsToBook.Info” domain currently brings up 1,880 listings that appear to have been hijacked:

A search for the “RoomsToBook.Net” domain currently brings up another 1,150 listings that seem to have been hijacked:

Rerouting Visitors To Third-Party Booking Sites

Sometimes clicking on one of these hijacked listings for the RoomsToBook.Info or RoomsToBook.Net domains automatically forwards visitors — redirects them — to landing pages like this one within those domains:

In other cases, visitors were forwarded to the HotelsWhiz.com web site.

Attempts to contact the owners of RoomsToBook.Info, RoomsToBook.Net and HotelsWhiz.com have been unsuccessful.

Emails were sent to various addresses listed in the public “whois” information for those domains. A phone call made to the number listed on the HotelsWhiz.com site was answered by a call center in the Philippines, where the woman I spoke with said she worked for i-lotel.com, a site that doesn’t seem to exist.

There’s also been no response to a feedback form used on the HotelsWhiz.com web site, nor from a LinkedIn message sent to Karim Mawani, who is listed on LinkedIn as the director of HotelsWhiz.com.

I could be that HotelsWhiz isn’t connected with any of this. A third-party affiliate company, one that’s paid for sending leads, could have generated all this without HotelsWhiz’s knowledge.

However, both RoomsToBook.Info and RoomsToBook.Net use the DNS servers of HotelWhiz.info. DNS is the way that internet URLs know how to direct people to the right places. That suggests a connection to HotelsWhiz.com, especially in that HotelsWhiz.com also uses HotelsWhiz.info for its own DNS.

Whether any of these companies are ultimately responsible for the hijacking is uncertain. All we know so far is that these listings have been hijacked, but exactly how or why isn’t clear.

Postscript (4:10pm ET): I did hear back from Mawani via LinkedIn, who said:

We have recently seen this issue and have reported to Google webmaster already. If you have seen any links please forward it to me and I will submit the request.

Our team is already in process of blocking list of certain domains and IP addresses from back-linking us.

Thank you for pointing this out if you have any more external domains acting in above manner please report it to us on

I hadn’t noticed this response initially, because I assumed LinkedIn would forward the email or a notification to my regular account. Mawani flagged the response to me via email just now — the same email I also contacted him with directly over all this, so I’m unclear why he didn’t respond that way.

I’m following up with him for more details, including why his company shares the same DNS as the two other sites.

Postscript (6:30pm ET): Per the comments below, the Philippines call center woman seems to have been referring to l-lotels.com rather than i-lotels.com. The home page of that site looks identical to the HotelsWhiz.com site, other than its home page.

It also turns out that the l-lotels.com may have also been used to hijack some listings, as shown below:

The domain appears to have been used in relation to 371 verified listings and 1,460 listings overall.

Google: No Comment, But Clean-Up Behind-The-Scenes

Google would be the best company to speak on what happened, but after being asked, it said it had no comment. Twice — because I asked twice if Google was sure it didn’t want to say anything [note: see below, where after this story was published, Google said confirmed it was aware of the issue and working to fix it].

Google has clearly been busy, however, now that it has been alerted to the issue. Some pages that were formerly in Google+ Local have now been entirely removed, such as these:

Trying to go to these, all of which were previously verified Google+ Local listings, now brings up error pages.

In other cases, while Google’s search results still show that a page has had its URL altered, such as for this:

The page itself has been updated to list the official web address:

Quality_Inn_-_About_-_Google_-2

There are also duplicate pages that exist, which is perhaps how Google is dealing with pages that were verified, yet corrupted, by downgrading them in favor of unverified but correct pages.

For example, this story showed an example of the verified page for the Sherman Oaks Courtyard Marriott having a hijacked URL. While that page was still live, a search on Google Maps brought up a different, unverified page here.

And, about an hour after I saw and documented that verified but hijacked page coexisting alongside the unverified but correct page, the verified page was completely removed from Google+ Local, probably as part of Google’s clean-up efforts.

Postscript (2:37pm): Google has now said that I can confirm it is aware of the issue and is working to fix it.

Related Topics: Channel: Local | Features: General | Google: Maps & Local | Top News

Sponsored


About The Author: is a Founding Editor of Search Engine Land. He’s a widely cited authority on search engines and search marketing issues who has covered the space since 1996. Danny also serves as Chief Content Officer for Third Door Media, which publishes Search Engine Land and produces the SMX: Search Marketing Expo conference series. He has a personal blog called Daggle (and keeps his disclosures page there). He can be found on Facebook, Google + and microblogs on Twitter as @dannysullivan.

Connect with the author via: Email | Twitter | Google+ | LinkedIn



SearchCap:

Get all the top search stories emailed daily!  

Share

Other ways to share:
 

Read before commenting! We welcome constructive comments and allow any that meet our common sense criteria. This means being respectful and polite to others. It means providing helpful information that contributes to a story or discussion. It means leaving links only that substantially add further to a discussion. Comments using foul language, being disrespectful to others or otherwise violating what we believe are common sense standards of discussion will be deleted. Comments may also be removed if they are posted from anonymous accounts. You can read more about our comments policy here.
  • Matt

    http://www.hotelswhiz.com/terms.en.html

    If you look in the Ts & Cs of hotelswhiz, above, you’ll notice

    “Terms used in this Agreement The terms “we”, “us”, “our” and “IAN” refer to IAN.COM L.P., a Delaware limited partnership and/or our subsidiaries and corporate affiliates, including Travelscape LLC, a Nevada limited liability company (“Travelscape”)”

    Otherwise knows as Expedia….

  • http://www.timacheson.com/ Tim Acheson

    To quote another industry insider:

    Google business listings are a total joke

    You can’t have more than one location for your business, without each one having its own separate Google+ page — presumably another strategy for inflating user numbers at the expense of convenience and common-sense.

    When your business moves locations, it’s almost impossible to get rid of the old listing – and even if you do often the old one comes back a few days later!

    Google is a disgrace.

  • Nate

    Now it makes sense. I was wondering what a “lotel” was. I thought it maybe was a Filipino word for hotel.

  • http://localreachlabs.com/ Russell Hayes

    Are you serious? Google has a duty to it’s USERS and to all those who they provide services too.

  • Scott Davis

    Verified or not, if 2 or more people “correct” a Google+ page listing or Google Map listing, Google’s system changes the listing.

    Verified means NOTHING. It doesn’t lock down your data or guarantee you won’t have to spend the rest of your week calling Google to get your listings fixed… AGAIN.

    This is a design flaw with Google’s places system.

  • Scott Davis

    Odds are they used an API to push the URL changes through Google Maps.

  • Scott Davis

    This game has been going on for years… I work in Digital Marketing for hotels and we have quite a few Marriott, Hilton & the like that fight to keep their map listing URLs constantly, due to fly-by-night, foreign OTA’s.

  • http://www.rankinstyle.com/ Jacques Bouchard

    Whoa, there, cowboy. I don’t think you understand. I didn’t say SERP’s, I said “listings”. The evidence is clear and unequivocal — this is not snake oil and superstition. Your Google local listings show up on page 1, and they might as well be developed. Google’s doing more with those listings today than ever before. Check out this screen shot and then tell me there’s no value to building it out:

    http://www.jacqueslbouchard.com/sharing/google-local.jpg

  • Tom Lynch

    I think it has something to do with how the different sources are segmented currently on the backend. Google has Plus Local, Maps, Map Maker, Freebase, etc. Updates populate to the Plus Local profiles from potentially all of these sources and more, and I don’t think there is a cohesive integration strategy in place yet on the back end or the front end. If there was a fully formulated strategy then why wouldn’t Google have finalized the Plus Local Business page conversions yet en masse?? Right now there seems to be loopholes from Google’s internal databases who each seem to have different procedures for verifying and publishing places data.

  • http://www.timacheson.com/ Tim Acheson

    I’m not seeing what your point is.

    Being in Google Local is not what put that result on page 1. But being on page 1 is an additional reason to be in Google Local.

  • david oremland

    How often do you experience changes effected by third party sites? Is it always in the “local arena”? Do they go to the same booking sites or random sites?

  • david oremland

    Tim: I was referencing that I recall several years ago seeing similar problems with hotel sites having their contacts in the local section redirected to billing sites. The scam of redirecting hotel sites to billing sites within google local has evidently been something that has been occurring for some years.

    I didn’t realize that. I don’t do hotel sites. If in fact its been going on for some years I’m surprised the hotel seo’s haven’t raised holy hell about it.

    In reading through the long commentary it is apparent there are some big danged holes in the local verification/control system within google and this is the latest and possibly “greatest” example of it being spammed. I’m surprised it hasn’t gained wider exposure and even more surprised google hasn’t tried to plug this hole as its been occurring for years.

  • http://www.rankinstyle.com/ Jacques Bouchard

    My point is that Google puts its local listings all over the place on Page 1 just like that. That screen originally came up with the search “pizza Danbury CT” — I just clicked on a specific restaurant to show emphasis on just how many Google local details show up in the search. Having the best, most developed Google Local listing brings you business. ’nuff said.

    Remember, your original statement was “Seriously? There are some companies actually using Google Local?”. Yes. Yes, there are.

  • http://jameshalloran.net/ James R. Halloran

    That’s exactly what I’ve learned from the comments here.

  • http://jameshalloran.net/ James R. Halloran

    Tim, talk to Danny. He wrote the article.

  • http://www.thegraphicmac.com/ JimD

    This is why I prefer to simply call the hotel directly to book. If you insist on getting the “online rate,” they’re generally more than happy to give it to you if it means getting your business.

  • NOT RahmEmanuel

    ..says the simpering, reflexive Microsoft apologist/sycophant. :-)

    Gee, Timmy — lots of replies in this thread. Did the Redmond circle-jerk let out early, today?

  • blissfulight

    Hey Tim, the moderators that approve these kind of changes are called Google Listing Editors, and they’re contracted by the Google Places team, and they work out of India. They’re responsible for reviewing edits to claimed listings (including Maps Report a problem as well as Edit details). I’ve had considerable experience ‘working’ with them in MM as a mapper (see this thread in the MM forums: http://goo.gl/w2KHMB). High turnover, low pay, no training. They don’t follow the Google Places Quality Guidelines, and often reflexively approve or deny edits without first verifying the accuracy or quality of the changes. They’re responsible for a lot of bad data ending up on Google Maps, even to verified listings. Google Places has no quality control. There’s so many avenues to get bad data onto Places that it’s ridiculous, and the moderation processes that Google uses are terrible. This has been going on for years, but Google keeps ignoring it in favor of spam algorithms to detect these attacks, to little effect. Rather than investing in high quality workers and processes, they’ve gone the cheap route.

  • Matthew Hoff

    Wow, more Expedia spam. Wasn’t a link building company recently called out for their less-than-honest techniques used for Expedia?? Nice detective work. Luckily only 2 of my clients’ hotels were affected. I fixed one on Monday, and Google fixed the other one this morning.

  • http://www.timacheson.com/ Tim Acheson

    Thanks for the additional insight.

  • http://www.timacheson.com/ Tim Acheson

    You were seeking to blame victims for Google’s failures.

  • http://www.timacheson.com/ Tim Acheson

    Nothing in your comment alters anything in my comments.

  • http://jameshalloran.net/ James R. Halloran

    Whatever, Cowboy….

  • blissfulight

    Also, I should point out that Maps has a new Report a problem process isolated from MM, which used to show all the changes to all the listings. There could be a bug in that UI that allows spammers to make wholesale changes to listings, the bug in this instance being either auto-approval by a moderation algorithm or manual review and approval by GLEs or whatever designated team is supposed to be reviewing the changes.

  • http://www.ninjasuite.com/ glyn

    Hotels have been getting killed in Google over the past 12 months. With organic results pushed way down the page and waching more and more traditonal organic results being assigned to thePlaces/maps (mostly now below the fold of most devices and monitors), and now Google+ trumping everything it’s no surprise that someone has managed to corrupt what has always been the SEO communities secret knowledge of just how little with Google it appears to be about accurate information, and more about maximising the bottom line. If it’s accurate it’s a bonus not seemingly a requisite. That view might not be the case at Google HQ but it’s the perception some of us certainly have.

    The ease with which manipulation of data can occur with this latest revelatation is pretty much akin to all those maps people were creating 4 years ago or the fake reviews stuffed with keywords.

    I work in this field with hotels that are not going to be affected by these actions overly, but as I can sit here and imagine the ease with which someone could strip an affiliate list of hotels from one of the big OTA and then batch that through a system that leads to this result, the question must be asked, who’s benefiting from these massive lapses in the reliability of the information? If someone is getting paid 1p an hour and someone offers them £20 to approve listings, are they going to report it to their supervisor? The point is that the economy of scale is wrongly weighted: if you can’t do it well, don’t do it at all!

    This won’t even get noticed by the mainstream user, but there is a degree of integrity that any company with the market share for giving people knowledge should have. Otherwise it’s just another Wikipedia (which ironically always comes up top!).

    Glyn.

    ps. what I’d like to know Danny is where the source for this story came from?

  • http://www.it-sales-leads.com/ Barbara Mckinney

    I’m not blaming Google for this error Tim. What I’m trying to say is that they have to tighten their security as more and more bad guys out there who wants to ruin their reputation.

  • http://www.it-sales-leads.com/ Barbara Mckinney

    So what is your point?

  • ChamanaOficial

    This happened to our company, exactly the same. The competition was using our brand and redirecting to their websites. How they did it? I have NO idea. I send at least 12 emails to Google places support. No answer about this matter. Ever. No feedback at all.

  • Scott Davis

    It’s typically different OTA booking sites. We lost about 10 listings a few weeks ago to Venere .com who had managed to push their URL onto quite a few Marriott map listings.

    All in all, there are typically 5 to 10 map listing/plus page URLs we’ve lost at any given time. It’s a continual cycle of waiting 3-4 days after correcting the listing information before we get our listings back, then another 3-4 days before we lose them again. Quite frustrating and shows that verification means little to nothing with Google plus.

  • david oremland

    Thanks for responding. Though not in hotel seo I recall seeing this phenomena years ago w/ hotels losing records to booking businesses. That was years ago. I’m astounded the larger hotels at least haven’t created a big stink about this with google. Hell, they spend enough via ppc. Why haven’t the major hotel chains raised holy hell on this issue? Its theft. Google accommodates it and hasn’t bothered to plug the hole.

  • Scott Davis

    I was actually told that by a Google Places rep on the phone.

  • Scott Davis

    You can do this for verified listings as well. It requires 2 different users logged in and poking the listing with a URL update from 2 different IP addresses. (odds are same network IP would be rejected change wise)

    eurobooking .com and venere .com did this to quite a few of our hotel map listings a couple months back, and they were verified AND active Google+ accounts… (that’s how we knew almost immediately we’d lost our map listing — Still took over 3 days to get the listings back, which seriously hurt our traffic for those days)

  • http://www.CityVipConcierge.com/ City VIP Concierge

    This has happened to our company and began on January 4th, 2014.
    We are centrally located on The Las Vegas Strip and anyone would kill for our Business listing.
    Approximately a week and a half later “January 15th, 2014″ Google claimed to “fix” the problem but that really has not been the case.
    We were not given back our Hijacked listing with all of our posts, photos and most importantly reviews and were forced to create another listing.
    We have been a business for over 5 years and do believe we have done a superb job of marketing and SEO as prior to the hijacking we ranked #1 on a number of industry related google searches.
    Since the hijacking of our Google Business Listing we are receiving less hits daily than an hourly hits to the site before the hijacking.
    This has literally been a catastrophe and has cost our business tens of thousands of dollars in business.
    The timing could not have been worse as we’d begun marking for the CES “Consumer Electronic Show” here in Las Vegas January 7th – 10th and anticipated a substantial increase in business this year.
    Unfortunately due to the hijacking our site was nowhere to be found and I’m sure the company that has taken it over has experienced the highest sales numbers in company history off of our companies hard work.
    ***Today is Friday January 17th, 2014 and the problem is back. ***
    The same company has hijacked our listing.
    The worst of it is that it is not a licensed business in the state of Nevada and and the actually address that has been placed on our listing does not match our locations yet it is indeed our listing and location as everything is the same, “photos, posts, reviews, etc.”
    This has crippled our business and if it lasts the entire month January we don’t know how we will every be able to make it up.
    If anyone has any suggestions on how to speed up the fix or prevent something like this from happening?
    Your input is very appreciated.

  • http://SEARCH.lol/ David Neville

    Who’s more foolish; the fool or the fool that follows him? Expecting someone that you pay nothing to work for you is a disgrace. If you care about good search, then pay a good price.

  • http://reservationgenie.com/ Ivan Collins

    I’m seeing the same practice with our restaurant clients and posted a blog post about it here. http://www.reservationgenie.com/blog/17-many-restaurants-see-their-google-places-profile-hijacked Looks like online ordering companies are the main culprit. But we also spotted some social media promotion companies.

  • Joe Squires

    I know of a company that does this in their own way.
    They create a dummy gmail account using the name of the Owner of the business, claim the companies local business listing change the phone number and email, then hold the Business Owner hostage to outrageous ‘hosting’ fees and if the Owner refuses, they require a $750+ fee for the Owner to get their Domain names & Google products transferred. Isn’t it illegal?

  • http://reservationgenie.com/ Ivan Collins

    I spotted the same thing with my restaurant clients and wrote a post about it here: http://www.reservationgenie.com/blog/17-many-restaurants-see-their-google-places-profile-hijacked I referenced this article to add weight. One of the culprits, Eat Street, called to say they had permission. I think the restaurant didn’t now the repercussions. I wonder if the culprit behind the hotels version had some fine print that authorized it. Seems unlikely with the magnitude of the problem.

  • http://reservationgenie.com/ Ivan Collins

    I spotted the same thing with my restaurant clients and wrote a post about it here: http://www.reservationgenie.com/blog/17-many-restaurants-see-their-google-places-profile-hijacked I referenced this article to add weight. One of the culprits, Eat Street, called to say they had permission. I think the restaurant didn’t now the repercussions. I wonder if the culprit behind the hotels version had some fine print that authorized it. Seems unlikely with the magnitude of the problem.

Get Our News, Everywhere!

Daily Email:

Follow Search Engine Land on Twitter @sengineland Like Search Engine Land on Facebook Follow Search Engine Land on Google+ Get the Search Engine Land Feed Connect with Search Engine Land on LinkedIn Check out our Tumblr! See us on Pinterest

 
 

Click to watch SMX conference video

Join us at one of our SMX or MarTech events:

United States

Europe

Australia & China

Learn more about: SMX | MarTech


Free Daily Search News Recap!

SearchCap is a once-per-day newsletter update - sign up below and get the news delivered to you!

 


 

Search Engine Land Periodic Table of SEO Success Factors

Get Your Copy
Read The Full SEO Guide