Advice From Google on Avoiding Scams Directed at Small Businesses

illustration of google logo compared to fake logo

This post is part of the series, SmallBusiness.com Guide to Business Computer and Tech Security: Advice, alerts and information about digital security threats faced by small businesses. You can browse other posts in the series below.

  1. IRS Issues Urgent Warning to Small Businesses: Beware of W-2 Phishing Scam Return | 2017

  2. Lynda.com Alerts 9.1 Million Users After 55,000 Accounts Are Breached | December 2016

  3. What Does HTTPS Mean? And Why a Small Business Website Needs the ‘S’

  4. Yahoo Security Breach is Another Reminder of Why Password Protection is Critical to Your Business

  5. Homeland Security Tips for Choosing Harder to Hack Passwords

  6. Passwords Are Stolen Everyday; How to Protect Yours From Being One of Them

  7. How to Recognize and Avoid an Attempt to Crack Your Two-Step Verification Passwords

  8. How Voice Recognition Software is Being Used to Detect Cyber Criminals

  9. How to Avoid a New Cyber Attack Attempting to Access Small Business Bank  Funds

  10. Seven Resolutions for 2016 That Will Help Protect Your Small Business Computers

  11. Top Ten Free Antivirus Utilities For Your Small Business | 2016

  12. Most Small Businesses Have No Cyber Attack Response Plan

  13. If Your Business Bank Account Gets Hacked, Your Bank May Blame You

  14. Why You Should Still Use a Password Management System, Even if You Heard One Was ‘Hacked’

  15. Advice From Google on Avoiding Scams Directed at Small Businesses

  16. More Tips for Actively Managing Your Passwords

  17. What Small Business Customers Should Know and Do About the JPMorgan Chase Cyberattack

  18. How Hackers Use ‘Social Engineering’ and How to Prevent It

  19. Ten Tips From the FCC for Improving Your Small Business Cyber Security

  20. Password Protection Advice from SmallBusiness.com

  21. Ebay Asks 145 Million Users to Change Passwords

  22. What is Two-Step Verification and Why You Should Start Using Them

  23. How (and Why) to Use a Password Management Application

  24. How to Reduce the Odds of Being Hacked While Using Public Wifi

In another post today, we provide a heads-up warning to be on the look-out for a telephone scam in which a con-artist calls your business and claims to be from Google.

As you would expect, Google works hard to prevent its name from being used by scammers hoping to prey on consumers and small businesses. The following advice from Google on avoiding scams directed at small business is from the company’s support team.)

Google Lotto scam

You receive an email claiming that you’ve won a Google Lottery and are asked for personal details. You may also be asked to pay a fee to release the funds (such as a money release fee, currency exchange, etc.).

Google doesn’t run lotteries, and your email address hasn’t been selected to win a prize. Do not reply back with your personal details.

Resources:

  • Report the email as spam or phishing to your email provider. If you have Gmail, learn how to report spam and report phishing.
  • If the email was sent from a Gmail address, you can report abuse to help Google take appropriate action on accounts involved in this scam.
  • Spam: The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
  • Phishing: Phishing is a type of online fraud where someone tries to trick the victim into revealing sensitive details such as a username, password or credit card details, by masquerading as a trustworthy entity in an electronic communication.

Google Wallet vehicle purchase scam

You find a cheap car online, and the seller claims that for your protection the purchase will be completed via Google Wallet. The car price is “too good to be true” and the seller claims a need to sell the car quickly because he or she is moving, moving out of the country, being called for military service, getting a divorce, etc. The reality is that there is no car, and you won’t be using Google Wallet. Instead, the seller will send you an invoice that appears to be from Google Wallet, but will instruct you to make the payment via Western Union, MoneyGram or bank transfer.

A legitimate Google Wallet transaction will require that you sign in to your Google Account and execute the payment using the Google Wallet interface. Google Wallet does not accept wire transfers/bank transfers or payments via Western Union/MoneyGram, nor does it use any escrow type of payment.

Google Wallet used to be called Google Checkout, and some scammers still use the Checkout logo and trademarks in their emails and other communications.

Resources:

  • Read more about the Google vehicle purchase scam.
  • If you think you’ve encountered a scam involving a fraudulent Google Wallet transaction, complete this form to provide information to Google. The information you provide us with may be used to further investigate this matter in aggregate, and may be shared with the appropriate authorities as part of our effort to shut down these types of operations.
  • If you received the email from a Gmail address, you can report abuse to help Google take appropriate action on accounts involved in this scam.

 Google Account Recovery Scam via SMS Messages

If you receive a text message claiming your Google Account has been compromised, use a computer to go to Google Account Security settings and review your recent activity to make sure no one unauthorized has accessed your account. Do not respond to unsolicited text messages with personal information. Also, beware of messages that claim Google needs to call you to verify your identity. Google will not send you a text message that asks you to respond by text or phone call to verify your identity if your account has been compromised. Here’s an example of what a scam message might say:

  • Google Message #42132: Your Gmail has been compromised by hackers. Google needs to call you to verify your identity. Text back with ‘READY’ when you are ready to recieve this call.

If you receive a message similar to the one above, do not respond. Instead, forward the message to your cell phone carrier’s SMS spam reporting number. For most carriers, this number is 7726.

Also, Google Voice allows you to mark messages as spam so that future messages from that number will automatically be considered spam and you won’t receive any notifications about it.

Resources:


Google top placement/SEO scam

Google never guarantees top placement in search results or AdWords. Beware of any company making these types of promises.

Resources:


Google Maps/SEO fake invoices

Google does not charge for inclusion in Google Maps. Be wary of invoices for services received — especially if nobody in the business remembers purchasing those services. Make sure to perform due diligence on any financial transaction.

Resources:

Learn how to add or claim your business on Google Maps at Google My Business.


Google telemarketing calls

Watch out for parties calling and selling services claiming to have a special relationship with or claiming to be Google. Often, these parties are telemarketers that are not affiliated with Google and are trying to leverage the Google brand to sell your business some type of online service. Keep in the mind the following:

  • Google does not place robocalls.
  • Google does not call to “update your front page listing” or ask you to “claim your free website.”
  • Google does not charge for inclusion in Google Search or Google My Business.

Resources:

If you are continually being contacted by a telemarketer claiming these things and are on the do not call list, you can file a complaint at the National Do Not Call Registry.


Google/Zagat job scam

This type of scam operates by telling people they have been given a job with Google/Zagat. However, they have to pay a training fee (or some other type of fee) before they can start. In reality, they have not been given a job with Google, but rather they’ve been tricked into sending money to a scam artist.

Resources:


Gmail update phishing

Many phishers actively target Gmail users and attempt to steal their credentials. Phishers will often say that you need to update your Gmail account information or your account will be suspended. The link provided in the email will appear to be https://accounts.google.com, but in reality the link will take the user to a site controlled by the phisher. Beware of these types of emails, and always double check that the URL in the address is what you expect before entering personal information or passwords.

Resources:

  • Learn some steps to help you determine whether a message is phishing.
  • If you have Gmail, consider turning on two-step verification to add an extra layer of security to your Google Account.
  • If you received the phishing email from a Gmail address, you can report abuse to help Google take appropriate action on accounts involved in this scam.
  • Spam: The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
  • Phishing: Phishing is a type of online fraud where someone tries to trick the victim into revealing sensitive details such as a username, password or credit card details, by masquerading as a trustworthy entity in an electronic communication.

Google AdSense Scam

If you’ve received an unsolicited phone call or e-mail from someone claiming to work for Google’s AdSense team asking for money, you may have been affected by a scam. The person will tell you that you have a balance sitting in a Google AdSense account that is refundable to you, but you must pay a security deposit in order to release the funds. You’ll then be given an address where you should mail the security deposit in the form of a certified check in order to receive your refund.

The reality is, Google AdSense does not require payment in order to release funds owed to you and there is no fee to use our AdSense service. You can check the Reports and Payments pages to view your current AdSense account balance.

If you’ve already sent a payment and think you have been scammed, you can report the scam to the appropriate authorities.

If the correspondence you received came from a Gmail address, you can report the Gmail account to help Google take appropriate action on accounts involved in this scam.


I’ve been scammed. What should I do?

You may wish to file a report with the appropriate authorities and/or your regional fraud reporting center — such as the Internet Crime Complaint Center (www.ic3.gov)

You may also contact the Federal Trade Commission (FTC), which handles complaints about deceptive or unfair business practices. To file a complaint, visit http://www.ftc.gov/ftc/contact.shtm, call 1-877-FTC-HELP, or write to the following address:

Federal Trade Commission
CRC-240
Washington, D.C. 20580

If your complaint is against a company in a country other than the United States, you can file it at http://www.econsumer.gov. You can also find information on where to report in locations outside the United States at econsumer.gov.