Bank Scam Using Google Maps loophole
We know how easy it is to find a service on Google Maps. You need a plumber to fix your leaky tank, hit the Google Maps to get the guy who is nearby. Nevertheless, there’s a chance that you may end up finding somebody in the guise of a plumbers, who manage to list himself on Google’s online map service.
According to the English daily “The Hindu” a con artists edit bank contact details and get customers to share Personal Identification Numbers
Scamsters seem to have stumbled upon a gold mine in the form of a loophole in the Google Maps interface. Taking advantage of the fact that on Google Maps, an establishment’s contact details can be edited by anyone, a group of Thane-based con artists have been putting up their own contact numbers and getting customers who call them into revealing sensitive account details.
According to the Maharashtra cyber police, the trend began over a month ago. Police officers said that if one searches for a particular branch of a bank on Google, the results include the Google Maps page. But the contact information on the page, such as the address and phone number, can be edited by anyone as part of Google’s User Generated Content policy.
“We have received at least three complaints from the Bank of India (BoI) over the last one month. In all three instances, we immediately notified the authorities at Google,” Superintendent of Police Balsing Rajput of the State cyber police said.
Mr. Rajput said many customers search online for their bank’s contact details, and after getting the incorrect number, call it with their queries. Unknown to them, they are actually speaking to a scamster who, under some pretext, convinces them to reveal details such as their Personal Identification Numbers (PIN) or the CVV numbers of their debit and credit cards, enabling the scamsters to withdraw money from their accounts.
A BoI spokesperson said, “After these incidents came to our notice, we modified the contact details on these branch listings on Google Maps. We asked users to use only Bank of India’s official website to search for branch contact details.”
When contacted, a Google spokesperson said, “Overall, allowing users to suggest edits provides comprehensive and up-to-date info, but we recognise there may be occasional inaccuracies or bad edits suggested by them. When this happens, we do our best to address the issue as quickly as possible. The Google Safety Center outlines tips to help consumers stay safe online.”
Julia Sowells492 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.