Unfortunately, it’s relatively easy for an unsolicited user to gain access to your profile and make unwanted changes. Recently, we have been seeing an increase in WhiskerCloud clients receiving emails from Google concerning requests made by scammers to be added as a user to their clinic’s GMB profile. This type of trickery is different and, therefore, slightly harder to identify than most other bogus email scams because the email is actually legitimate, while the request itself is not.
What happens if a scammer gets a hold of your GMB profile?
If a user has access to your GMB profile, depending on the level of user, they are able to make changes to your profile that are then publicly displayed on Google searches. These users can make changes to your clinic’s hours of operation, services, location, etc., and because you are not notified of each change that occurs to your GMB profile, you could have incorrect information displayed to anyone who searches for your clinic or have your GMB profile deleted altogether.
This could be harmful to your business as it allows incorrect information to be advertised on the most popular search engine, potentially confusing clients or directing them to your competitors.
Below is an email one of our clients received directly from Google with a request from a scammer.
So, what do you do if you receive one of these emails?
A natural response to phishing and scam emails is to simply ignore or delete them. However, in this case, it is highly recommended to respond. As long as the email is directly from Google (you can confirm this by checking that the sender’s email address ends in “@google.com”), you should click the “Review Request” button and reject the phony request, making sure to include a reason why. If the email is ignored or deleted and the request goes unanswered for too long, it has been reported that Google can automatically grant the scammer access to your Google My Business profile. On Google’s official Request Ownership of a Business Profile page, they instruct that “if you don’t get a response after 3 days, you might have the option to claim the profile yourself.”
To avoid the possibility of a scammer getting a hold of your profile, it is best to take the step to actively deny the request.
After clicking “Review Request” on your email, you will be directed to a webpage that gives you the requester’s contact information and asks if you will grant or reject the request. If you cannot verify the person requesting access or you are not expecting a request, reject it. There will also be a section where you can add a note to Google. This is where you can notate that the requester is a spam account and they have no attachment to your business.
To keep your GMB profile secure, not only should you keep up with your emails to ensure you are responding to any request for ownership as quickly as possible, but you should also periodically check into your GMB profile to verify that all the information about your business is up to date and accurate.
In most cases, it is easy to identify a scammer that is requesting access to your GMB account. However, just like with any scam, tactics constantly evolve to make fraud more difficult to recognize. If you are a current WhiskerCloud client and have any suspicions about a phony GMB request, you can always reach out to firstname.lastname@example.org. Our team will help you sort it out.