Ever wonder why Google has Disabled Instant Phone Verification for Google Map Pins.
Well this was after Seattle techie, Bryan Seely created a fake listing for a Secret Service office to show loopholes in Google’s system that can allow scammers to divert traffic from local services.
Bryan Seely started by going to Google Map Maker which is the tool provided by Google that allows regular users to add information on local places to Google Maps.
He then created entries for two ATMs, including a phone number for each of the locations. The ATMs were actually real but the phone numbers were number that he had set up.
Then he went into Google Places, where businesses can create a place page and created a listing for the ATM which then requires a verification which was completed using the automated call to the phone numbers he had created for each ATM. This automated service provides him a PIN number which is then entered to make the place listings live in his control.
He then changed the to ATMs to be the Secret Service office in Washington and an FBI office in San Francisco which then once live means that in Google Maps this was now real.
He then set up the phone numbers to forward any calls to the actual Secret Service office in Washington or the genuine FBI office in San Francisco.
To monitor things he also recorded the calls received that were made to these numbers and the fake listings got calls.
Of the calls received one was from a Washington police officer calling the Secret Service to discuss counterfeit money he had discovered.
He then having completed the exercise pulled the plug after 24 hours. He went to the local Secret Service office in Seattle to show and explain what he had done and deleted the listings while there.
Google has disabled the instant phone verification now and in order to get a business listing you have to use the Postal Service to get a postcard containing your PIN to verify.