Google Maps Peeing Again? Reverse Vishing attacks reported in Asia

Google Maps is reportedly experiencing another security problem somewhat similar to the 2015 Map Maker debacle that allowed spammers, hackers and other merry makers to directly edit and wreak havoc with map information. The peer reviewed Local Guides program was eventually implemented as a replacement to improve local map information. However the current Google Maps does allow anonymous users to “suggest an edit” such as local business telephone numbers and this appears to be a security weakness and attack vector.

The Daily, a web site for the Daily Sports, not exactly a tech blog, reports that ‘reverse vishing’, is a problem for Google Maps in India and is spreading in Asia. Voice phishing, also called vishing, is when fraudsters call potential victims, reverse vishing is when the potential victim calls a fake number from a fraudster. The article describes frausters editing business information in Google Maps and supplying fake business numbers for banks and other lucrative targets. People calling the fake business numbers are subject to identity theft.

The article doesn’t offer direct evidence or go into extensive detail, such as why Google currently allows anonymous edit suggestions or how suggestions are vetted, but apparently the issue is real and sounds plausible if edit suggestions are not rigorously checked. The article concludes that Google needs to tighten security so that important business information cannot be changed without proper verification. The only work around is confirming contact information directly on a business web site.

See WWDC19 Apple Maps Wish list for related coverage