How Scammers Are Using Google Maps to Rob Victims

Once again, cybercriminals are surprising us (well, maybe not — they’ve already been exposed!): They’re misusing brands to pull off a scam in Google Maps. Bank of India customers fell for this new kind of fraud. Believing they were in contact with the bank’s official channels, they ended up revealing sensitive data to scammers.

The scam went something like this: First the scammers changed the bank’s phone number on Google Maps—this happens due to its User-Generated Content Policy, which works like Wikipedia and allows the entire web community to make changes visible to others.

An address editing page from Google Maps. So could this open the door to fraud?

Later, the scammers would receive calls from customers and seize their sensitive account data, including entire credit card numbers along with their CVC (Card Verification Code—those three numbers on the back that serve as the “password” for online purchases).

This scenario is really worrisome because, in a case like the Bank of India, the bank had to contact the Maharashtra State Police authorities at least three times (!). Google has done everything possible to reduce the incidence of cybercrimes, but obviously they can’t take action in every kind of fraud on the Internet.

Cybercriminals have proven that they are on top of any kind of innovation they can use in their scams, and that’s why it’s imperative that we be even more alert. In addition to truly “evolving” their fraudulent schemes, these scammers can also cause unwanted client and consumer data leaks.

Here at Axur we are constantly at work (with a little help from our bots) to identify threats that can inflict terrible damage on your brand: check out the solution for Brand misuse and fraudulent brand use, and the many other solutions that will protect your company from the most diverse kinds of data leaks. And there’s more: If you would like to be able to monitor payment cards by using BINs specific to your brand, find out about CardCast.