Understanding Google My Business & Local Search
Google Bulk Upload: Verified Listings Or Just Another Data Feed?
Does a Google Bulk upload create a verified listing or is it in reality just another data feed? Unfortunately it is the latter.
Danny Sullivan and Greg Sterling have been covering the recent multi listing hijacking of hotel pages at Google. The hijackers essentially were able to take control of numerous hotel listings and insert an affiliate booking site URL.
Here was part of my comment to Greg about how this might have occurred:
My working theory is that these listings were either unclaimed or possibly claimed via the bulk upload. Bulk upload is viewed by Google as more of a data feed than a listing verification method and it does not lock out [additional] local claimants. Thus the listings were “eligible” to be double claimed. And claimed into the new G+ Local environment. In theory that requires verification either by post or a call and exactly how this many listings were in fact verified with the new domain is unclear.
In the old Places Dashboard and the previous/current Bulk upload any data that Google received was just that. The data might have given it some preference if it was current but it received very little special treatment over any other data that Google had. If they trusted other data more than they yours that is what would show. Or rather if the algo trusted other data more than yours that was what would show.
Also “claiming” into either environment conferred no special rights to editing that data.
If you claimed the listing into another dashboard Google would just handle it as more data that would be considered as possibly better or more fresh for the listing.
This design, while not widely understood, had certain advantages. If a claimant died or lost his/her password the listing could be simply “reclaimed” into another dashboard. Thus Google did not have to get involved with accounts that had “aged out” or had lost the password. The new claimant could just create a new Google account and go at it.
If a franchisee didn’t agree with the franchisor messaging, likewise. The franchisor could do a bulk upload and the local franchise could go into their own dashboard and verify the listing via post card or phone and add their own data. With the hotel owner and the hotel operator a similar situation could occur.
The good news (from Google’s pov) was that Google could get fresh data with a minimal support structure. If there was a discrepancy the algo could sort it out every 6 weeks as Google “rebuilt” the world (more or less successfully).
The bad news was that there could be “dueling claimants”. The bulk provider would upload data and then the individual claimant would do a null edit or upload new data and override it. The listing content and photos could dance back and forth and angers would flare.
But Google didn’t (and still doesn’t) want to get involved in these claiming wars. The contestants would have to fight it out amongst themselves. Some of these battles can be extremely contentious and often there is no resolution. Its clear why Google might not want to “get involved” as there might be not simple, single answer.
With the rollout of G+ and the “real” persona required to be effective, Google moved to a true verification model of the G+ Page for local. A listing in the new dashboard/G+ management environment can only have one verified claimant. That data is both more trusted and more secure. If a second user tries to claim any given listing they are told that it isn’t possible.
But a listing that is uploaded via Bulk Feed is still effectively able to be double claimed (or reclaimed or in actuality verified) into a new Dashboard. The bulk listings, like listings from the old Dashboard, do not carry the verification symbol on the page and there is no warning given if you attempt to bring them into the new dashboard and generate a postcard to get a pin.
Unlike a listing claimed via the new dashboard a bulk uploaded listing is available to be claimed, its that simple. Just because you took the time to collate the data, put it into a form that Google can read and go through the bulk verification process doesn’t mean that it can’t be claimed again by someone into the new Dashboard.
Google never really educated businesses about the realities of this. I suppose its easy to understand why. It’s not a very compelling value statement: “COME CLAIM YOUR LISTING (oh and by the way if you claim your listing we might user your data, or not). COME CLAIM YOUR LISTING (oh and by the way we might let others also claim it and use their data instead)”.
I have no idea how the hijackers were able to claim as many listings as they did. Its hard but obviously not impossible.
But when you stop to think about it there are only a few possible pathways to actually obtain the necessary information for verification in the new Places Dashboard/G+ Mgt:
-A technological intrusion (like the NSA),
-Corruption at Google, a sub-contractor or the hotel system or
-Some form of social engineering.
My money is on the latter, social engineering. it’s simple, it’s cheap and any “good” salesman can pull it off.
What can be done?
There are several things that come to mind. First and foremost would be for Google to move the bulk data feeds into a verified Plus environment where they are truly a claimed listing rather than just user provided data.
Another might be to upgrade the messaging on post card sent warning about the dangers of sharing the number.
And a third should very well be communication and education.
In this situation Google did a great job getting the spam taken down but they did a terrible job communicating about the event and providing insights as to how it might be avoided in the future. I know that Danny Sullivan and Greg Sterling put a fair bit of time trying to get information. The sum total of Google’s communication was this extremely minimal statement by Googler Jade in the forums.
We live in an industry where shit happens. Our servers were recently cdorked. Google had the Chinese and NSA snooping in on theirs. But I don’t think that this was a technological hack. If it were it is understandable that Google would be circumspect and wouldn’t want to talk too much, at least until it was solved.
But if this incident were a result of social engineering as I suspect then this isn’t about technology its about humans and the need for them to understand that a pin is something that needs to be treated with care. For them to understand this requires education. That is something that Google could and should do.
In the meantime if you are responsible for managing a feed with Google, alert your locations to NOT fall for a Google phone call ruse or some other effort at social engineering.
A call might just be coming their way.
© Copyright 2024 - MIKE BLUMENTHAL, ALL RIGHT RESERVED.
Comments
14 Comments
Mike, I feel like it is rather unlikely that these listings have been re-claimed by the third-party that also changed the URLs. Why is because there were a number of hotels there that were located in countries other than the US (namely Switzerland), and unless the hijackers were convincingly good at German/French/Italian (note that they would have also had to figure out exactly what language the person on the other side of the phone would be able to speak), I don’t think they could have pulled this trick. Especially at this scale.
If this theory is excluded though, the only other possible explanation I could think of is help (conscious or not) from people with the power to approve edits on Map Maker. And we again go to the point Dan Austin has raised on a number of occasions – the quality of work done by Google Listing Editors. I regret I didn’t take a look at the issue before the historical edits got obscured. It could have possibly told a lot about the person/people that did might have approved the edits.
Hi Mike,
Thanks for the update to on this topic from the previous post back in 2009.
https://blumenthals.com/blog/2009/02/13/google-claimed-business-records-no-longer-can-be-hijacked/
I’m sorry, but we have actually verified client listings via post cards and pin codes get affected by data feeds, Google Map Maker and any other citation source that is no verifiable affected by Google.
I realize that there are many sources out there trying to do bulk claiming without post cards, phone calls or pin codes, but the reality is that if you do a pin code verification without a bulk upload, then we do believe that nothing…and absolutely nothing…should be allowed to affect the listing short of getting into that account.
…and yes…I do expect Google…whose search results affect the revenues of businesses…to provide the necessary resources to have policies and processes in place if there is a password issue with an account or you run into a franchisee / franchisor issue.
Google cannot be the information source of the world and not take responsibility for the information they are trying to provide the world. They are equally guilty in this process.
Let’s not forget Google makes money off of the information they display through various advertising sources. Let’s take Google Adwords Express in which the ads show in the map search results where the claimed local business listings of other businesses show up as part of the content Google is displaying.
If Google wants to make money purely on advertising, then perhaps we should forget about the organic content and the claimed map listings entirely. They have to take responsibility for the information in their database.
@Nyagoslav
I recognize that there are other possibilities. And certainly corruption as you point out at SEL is one of those.
It doesn’t need to be one way either. It might have been several.
Corruption though is much higher risk of both being caught and of legal repercussions. A phone call leaves little to trace.
On unverified listings MM is also an way to get URLS into a listing. But that doesn’t get them verified and many of these were.
@Nyagoslav @Mike – As I said on Twitter — I think you’re both right. There could easily have been corruption through a bulk feed. Someone at ilotel had an inside connection at Google that facilitated a verified bulk feed when there shouldn’t have been. Right?
Well said Mike. I had spoken with someone at Google Local about a month back and he said bulk uploads are simply data feeds that could take up to months for individual listings to get updated. They have different people looking at different things; I added photos of the restaurant for each listing and none of them have shown up and his only reasoning is that the department that reviews all the photo uploads likely hasn’t gotten to it.
In the bulk upload manage interface, not all the info from the spreadsheet is present. What’s missing from what I can see are… website url and payment types.
This confirms for me again that maybe this approach is not very trustworthy and even for franchises/chains we need to secure it with a PIN (either phone or postcard) until something is done about this. Having claimed hundreds of restaurants listings up until now, I’ve actually only had 1-2 cases where the new dashboard didn’t allow the new data I updated to go live immediately, and went into “Updated” mode, which further review. So… would you also suggest that franchises should claim every store until Google resolves this and avoid possible hijacks?
@David
Yes it could have been multiple vectors. The advantage of that strategy is that it makes detection harder.
@Jackson
That is a great question.
The problem results when there are thousands of listings or even hundreds. It is not a feasible mechanism.
Even when there are tens it becomes a daunting problem to get the 20 locations to respond with the pin.
I have succeeded in getting Google support to auto approve listings in the new dashboard when there were extreme issues preventing the locations from providing the Pin.
So I am saying that if feasible the new dashboard is preferable to a bulk feed.
If one looks at the comments in depth at least 2 of the commentators reference that this has been a consistent issue: occurring, reoccurring, and it appears different booking companies w/ different websites turn up.
It well could be persistent, recurring, and frankly some of the hotel names are among the largest advertisers with Google.
From a corporate sense. it would seem to me that large companies that additionally are large advertisers would have the weight to get this problem fixed.
I know it occurred several years ago. It seems to be a deliberate hole google has never addressed. I can’t help but think one of the hotel seo’s leaked this to SELand to get heavy publicity and ultimately get it addressed.
I have no idea how much these booking companies charge to large chains…but to smaller hotels or small chains they charge a lot. Its a hefty hit on the bottom line.
Dave
Its hard to say. We don’t know if it was social enginering (phone phishing for the PIN), corruption (inside job), flaws in MM or something all together different.
Given that it is very difficult for us to know what can be done and what can be fixed. If it was one giant phone phishing expedition and the hotels gave up their PINS willingly then I am not sure what Google can do.
I think feeds shouldn’t be allowed to include listings that are already manually verified. It has a seriously negative impact on ranking because the feed ia “newer” but contains way less data than what was in the manually claimed dashboard and the ranking of the listing almost always drops. I have seen way too many corporate offices attempt to help their franchises by doing a feed. It helps the locations who previously had nothing and hurts the ones who have spent efforts claiming and updating theirs. Not ideal at all. I always vote the manual trumps the feed if they have to pick one owner.
@Joy
Well that is why there are so many fights around this… I am not sure corporate would agree with you. 🙂 But I do.
It will be interesting to see how Google solves the problem. I think ultimately it will need be like the Plus model with Owners (bulk), Managers (doing local updates) and Contributors. But who knows when or if that will happen.
Well put, Mike. The bulk tool could definitely use a refresh. Here’s hoping the new G+ dashboard functionalities will be available for bulk users soon. Google has said that it might be rolling out early this year, but no guarantees. We’ve put together a blog post on some of the issues we’ve seen and thoughts on what’s to come: http://www.simpartners.com/google-bulk-limbod-listing-management-tool/
@Joy, I agree.
Most corporations unfortunately are not taking the local office/store/franchise marketing very seriously. For some reason it ends up on the lower end of their priority list.
They have staff that are mostly advertisers and not marketers, so to them it is much easier to spend the advertising dollars instead of tending to the labor intensive process of marketing.
Of course search engines and consumers are paying very close attention to the local results in the organic area or on their mobile devices.
You would think there would be more priority put towards this marketing process vs. the technology task of data feeds at corporate.
We have one national company we are talking to right now and if you search on their primary keyword in any of the major markets they do not show up…just in the advertising area. Their local offices are not happy and feel the advertising is one channel and more marketing channels need to be used to generate the leads they need. Yet corporate says they do nightly data feeds and feel it is sufficient even if the results could be better.
Spammy, G Places picture tagging begets, association with url… from another provider… bulk data upload overwrite contains url, since it has existed for X period of time in images, owner must be okay…. ???
that is the spam trigger..
Comments for this post are closed.