Google Business Profile Scams: Real Examples, Red Flags, & How to Protect Your Listing

Fake Verification Calls and Suspension Threats

A robocall or live caller claims your listing is “not verified,” “about to be suspended,” or “not showing up on Google Maps.” The caller pushes you to press a button, call back a number, or pay a fee to resolve it. The FTC took direct legal action against robocallers making these exact claims, documenting operations that falsely threatened businesses with removal from Google while collecting fees. A verified listing cannot be removed by a phone caller.

What makes this work: Service businesses depend on Maps for calls. The fear of losing visibility is real. Fake urgency prevents calm verification.

The “Keyword Issue” Robocall

The caller claims your listing has a problem with its “keywords.” Google Business Profile has no keyword field. It contains your business name, category, description, services, photos, reviews, and posts. No keyword configuration exists that a third-party caller can access or fix. This scam targets business owners familiar with SEO concepts. “Keywords” sounds real, which creates enough doubt to keep someone on the line. The goal is to collect payment for a service that does not exist.

Red flag: Any caller who claims to have identified a “keyword problem” in your Google Business Profile is fabricating the issue. Hang up without pressing any buttons.

Ownership Requests and Profile Hijacking

This scam targets the profile itself rather than the owner’s wallet. Google’s system includes a legitimate ownership request feature. Scammers exploit this workflow by sending ownership requests to businesses, often framed as maintenance or account security updates. When a staff member approves such a request without verifying the source, the scammer gains owner access. Once inside, they can change the listed phone number to redirect calls, edit the website URL to send traffic elsewhere, or lock the original owner out entirely.

One local marketing agency reported rejecting ten or more suspicious ownership requests per week across a portfolio of roughly 50 profiles.

Review Extortion

This scam starts with a sudden coordinated wave of one-star or two-star reviews. The reviewers often have no profile photos, similar writing patterns, and no prior history of reviewing local businesses. Within hours or days, you receive a message through WhatsApp, email, or social media from someone who claims they can remove those reviews for a price.

Google has formally acknowledged this as a scam pattern and released a dedicated Merchant Extortion Report Form specifically for these cases. According to local SEO professionals who have worked through this process, reviews submitted through the Merchant Extortion form are typically investigated and removed within a few business days when confirmed as coordinated attacks.

Phishing Emails and Fake Google Login Pages

Phishing emails targeting Google accounts replicate Google’s visual design and claim your profile has a policy violation or an action requiring your login. The link points to a fake login page designed to capture your credentials. Once the attacker has those credentials, they can access your Business Profile, Gmail, and any other Google service connected to that account.

The key check: look past the visual design to the actual sender domain. Real Google communications come from addresses ending in @google.com. Before clicking any link in an email about your profile, open a fresh browser tab and go directly to business.google.com to check your listing status.

While scammers can spoof display names, they rarely pass a “Sender Address” check. Legitimate, system-generated notifications about your profile, such as ownership requests, suspension notices, or verification updates, will almost always come from these two addresses:

1. google-my-business-noreply@google.com
2. businessprofile-noreply@google.com

If you receive an email from a generic service like @gmail.com, @outlook.com, or a domain that looks close but is slightly off (e.g., @google-support.net), it is a phishing attempt. Delete it immediately without clicking “View Profile.”

Verification Code Requests

A caller explains they need to “re-verify” your listing and asks you to read back a confirmation code they say Google just sent. That code is a one-time password generated because someone is attempting to access your Google account. Reading it to the caller transfers control of your profile to the scammer. Google’s own guidance is explicit: no legitimate Google representative will ever ask for a one-time password, PIN, or verification code.

Remote Access Requests

A caller claims they can fix your listing issue but needs to “access your computer” to do so. They direct you to download software like AnyDesk or TeamViewer. Once connected, the scammer can access credentials stored in your browser, capture your Google account password, or install monitoring software. No Google representative will ever ask you to install software or grant screen access to resolve a Business Profile issue.

Fake Invoices and Listing “Renewal” Charges

Some scams arrive as mailed invoices or emailed billing notices claiming the business owes a fee for listing maintenance, annual verification, ranking placement, or compliance with new Google policies. These are fabricated. Creating and maintaining a Google Business Profile is free. Google does not charge to keep a listing active, to appear in Maps results, or to pass any verification requirement.

How long recovery takes: Google states that verification reviews can take up to five business days. Anyone selling “instant reinstatement” or “guaranteed 24-hour recovery” for a fee is running a second scam on top of the first.

Staff Scam Call Protocol

• If a caller identifies as Google or claims to be calling about the Google listing, do not provide any information. Say: “We handle all account matters online. We do not verify or make changes by phone.” Then end the call.
• Do not press any button on a robocall about the listing.
• Do not share any code, PIN, or password regardless of what the caller says it is for.
• Do not approve any ownership or manager request without checking with the owner directly first.
• Do not pay any caller or invoice for listing services without owner approval.
• Write down the caller’s number and the call time, then tell the owner.

“We do not make account changes or verify anything by phone. Please send any notice through our Google account or contact us by email. Thank you.”

End the call after this. If the issue is real, it will appear in the Business Profile dashboard.

Does Google charge to keep a Business Profile active?

No. Creating, claiming, verifying, and maintaining a Google Business Profile is free. There is no annual fee, renewal charge, or maintenance cost. Any caller or invoice claiming otherwise is running a scam. Google Ads are a separate, optional paid product that has no bearing on whether your listing stays active.

Does Google call businesses about their profile?

Google does make outgoing calls to businesses in limited situations, including confirming hours, mapping phone trees, and verifying listing accuracy. These calls identify themselves as coming from Google at the start and come from designated number ranges including the 650-203-0000 series. The key distinction: no legitimate Google call requests payment, a one-time code, or urgent account action. Any call making those requests is a scam regardless of what the caller ID shows.

What should I do if I pressed 1 on a robocall?

Pressing 1 signals your number is active and typically results in more calls, not fewer. If you were transferred to a live agent but provided no payment or information, your main risk is more follow-up contacts. Block the number, save the details, and report the call to the FTC at ReportFraud.ftc.gov.

What is review extortion and how do I report it?

Review extortion is when someone floods your profile with fake negative reviews and then contacts you demanding payment to remove them. Google has a dedicated Merchant Extortion Report Form for this situation. Search “merchant extortion” in Google Business Profile Help while logged in. Do not pay or respond to the demand. Confirmed extortion cases submitted through this form have resulted in review removal within a few business days.

Can someone steal my Google Business Profile?

Yes, through phishing that captures your Google account credentials, or through ownership request approval where someone on your team approves a manager request from an account they assume is legitimate. Both are preventable through 2-Step Verification, controlled access to the profile, and a team policy requiring owner confirmation before approving any access requests.

What is the first security step to take today?

Log into your Google account and open your Business Profile settings. Check “People and access” and confirm the primary owner is an account you control. Remove any accounts you do not recognize. Then go to myaccount.google.com, navigate to Security, and turn on 2-Step Verification if not already active. These two actions take less than 15 minutes and close the most common entry points for profile hijacking.

Can I report a scam call even if I lost no money?

Yes. The FTC uses complaint patterns to identify the operations behind scam campaigns. File at ReportFraud.ftc.gov with the number, call time, and the content of what was said. For calls involving robocall technology, also report to the FCC at consumercomplaints.fcc.gov .

Is my home-based or service-area business more at risk?

Service-area businesses face specific vulnerabilities. Their address may be hidden on Maps, calls go to a cell phone rather than a staffed front desk, and verification processes for service-area listings can involve more back-and-forth with Google. The highest-impact change is confirming who has primary owner access to the Google account the profile is connected to.

One rule that covers every scenario: Never act from the incoming contact. Always verify inside your own Google account first. If the dashboard shows no problem, hang up, delete the email, and report the contact to the FTC.