ABSTRACT
In this paper, we investigate a new form of blackhat search engine optimization that targets local listing services like Google Maps. Miscreants register abusive business listings in an attempt to siphon search traffic away from legitimate businesses and funnel it to deceptive service industries---such as unaccredited locksmiths---or to traffic-referral scams, often for the restaurant and hotel industry. In order to understand the prevalence and scope of this threat, we obtain access to over a hundred-thousand business listings on Google Maps that were suspended for abuse. We categorize the types of abuse affecting Google Maps; analyze how miscreants circumvented the protections against fraudulent business registration such as postcard mail verification; identify the volume of search queries affected; and ultimately explore how miscreants generated a profit from traffic that necessitates physical proximity to the victim. This physical requirement leads to unique abusive behaviors that are distinct from other online fraud such as pharmaceutical and luxury product scams.
- Google. Understanding consumers' local search behavior. https://think.storage.googleapis.com/docs/how-advertisers-can-extend-their-relevance-with-search_research-studies.pdf, 2014.Google Scholar
- Google. Enrich Google Maps with your local knowledge. https://www.google.com/mapmaker, 2016.Google Scholar
- Google. Guidelines for representing your business on Google. https://support.google.com/business/answer/3038177?hl=en, 2016.Google Scholar
- Google. Show people you're open for business. https://www.google.com/business/, 2016.Google Scholar
- Google. Verify a local business on Google. https://support.google.com/business/answer/2911778?hl=en, 2016.Google Scholar
- Shuang Hao, Kevin Borgolte, Nick Nikiforakis, Gianluca Stringhini, Manuel Egele, Michael Eubanks, Brian Krebs, and Giovanni Vigna. Drops for Stuff: An Analysis of Reshipping Mule Scams. In Proceedings of the Conference on Computer and Communications Security, 2015. Google ScholarDigital Library
- Kyle Iboshi. "Pyramid Scheme of Locksmiths" Clogs Portland Market. http://www.kgw.com/news/investigations/pyramid-scheme-of-locksmiths-clog-portland-market/56421738, 2016.Google Scholar
- Nektarios Leontiadis, Tyler Moore, and Nicolas Christin. Measuring and Analyzing Search-Redirection Attacks in the Illicit Online Prescription Drug Trade. In Proceedings of the USENIX Security Symposium, 2011. Google ScholarDigital Library
- David Segal. Fake Online Locksmiths May Be Out to Pick Your Pocket, Too. http://www.nytimes.com/2016/01/31/business/fake-online-locksmiths-may-be-out-to-pick-your-pocket-too. html, 2016.Google Scholar
- Kurt Thomas, Chris Grier, Vern Paxson, and Dawn Song. Suspended Accounts In Retrospect: An Analysis of Twitter Spam. In Proceedings of the Internet Measurement Conference, 2011. Google ScholarDigital Library
- Kurt Thomas, Dmytro Iatskiv, Elie Bursztein, Tadek Pietraszek, Chris Grier, and Damon McCoy. Dialing Back Abuse on Phone Verified Accounts. In Proceedings of the Conference on Computer and Communications Security, 2014. Google ScholarDigital Library
- Kurt Thomas, Damon McCoy, Chris Grier, Alek Kolcz, and Vern Paxson. Trafficking Fraudulent Accounts: The Role of the Underground Market in Twitter Spam and Abuse. In Proceedings of the USENIX Security Symposium, 2013. Google ScholarDigital Library
- Cadie Thompson. Android bot spotted urinating on Apple in Google Maps. http://www.cnbc.com/2015/04/24/android-bot-spotted-urinating-on-apple-in-google-maps. html, 2015.Google Scholar
- David Y. Wang, Matthew Der, Mohammad Karami, Lawrence Saul, Damon McCoy, Stefan Savage, and Geoffrey M Voelker. Search + Seizure: The Effectiveness of Interventions on SEO Campaigns. In Proceedings of the Internet Measurement Conference, 2014. Google ScholarDigital Library
- David Y. Wang, Stefan Savage, and Geoffrey M. Voelker. Cloak and Dagger: Dynamics of Web Search Cloaking. In Proceedings of the ACM Conference on Computer and Communications Security, 2011. Google ScholarDigital Library
- Zhi Yang, Christo Wilson, Xiao Wang, Tingting Gao, Ben Y. Zhao, and Yafei Dai. Uncovering Social Network Sybils in the Wild. ACM Transactions on Knowledge Discovery from Data (TKDD), 2014 Google ScholarDigital Library
Index Terms
- Pinning Down Abuse on Google Maps
Recommendations
Towards Abuse Detection and Prevention in IaaS Cloud Computing
ARES '15: Proceedings of the 2015 10th International Conference on Availability, Reliability and SecurityCloud computing is frequently being used to host online services. Abuse of cloud resources poses an important problem for cloud service providers. If third parties are affected by abuse, bad publicity or legal liabilities may ensue for the provider. ...
Measurement and Early Detection of Third-Party Application Abuse on Twitter
WWW '19: The World Wide Web ConferenceThird-party applications present a convenient way for attackers to orchestrate a large number of fake and compromised accounts on popular online social networks. Despite recent high-profile reports of third-party application abuse on popular online ...
SMS Spam
ICETE 2014: Proceedings of the 11th International Joint Conference on e-Business and Telecommunications - Volume 4Spam has been infesting our emails and Web experience for decades; distributing phishing scams, adult/dating scams, rogue security software, ransomware, money laundering and banking scams... the list goes on. Fortunately, in the last few years, user ...
Comments