Skip to main content

Google My Business logoWith increasing frequency, businessesboth medical and non-medicalare experiencing some form of GBP hijacking. Keep reading to learn what GBP highjacking looks like and how to protect yourself against it.

What is GBP hijacking?

In the simplest terms, GBP hijacking occurs when someone changes listings without authorization. This “hijacking” process can happen in many ways, from mild, temporary hijacks (someone on Google Maps suggesting edits to listings they don’t own that Google then authorizes) to very severe, permanent takeovers (someone accessing the sole ownership role of listings, meaning they can remove someone from owning their listings entirely).

How do hijackers gain control?

Occasionally, someone will attempt to change or edit information on a competitor’s listings as a malicious tactic to frustrate or mislead potential customers. This is very rare. At SocialClimb we call these “malicious suggestions.”

The second, and more severe form of hijacking, is more common. This type of hijacking happens when someone requests access to one or more listing they don’t own. Google will send an email to every manager or owner on the account, notifying them that someone requested access. Most people think that if they simply don’t do anything, no access to their listing will be given. This is WRONG. From the time of the request, the owner has seven days to either allow or deny access to the listing. If they do nothing, the hijacker will gain access at the end of the seven day period.

The threat level of this “takeover hijacking” depends on the type of access the hijacker requests. If they request and gain management rights, they will have access to do almost everything. They are only restricted from removing the owner’s access to the listing. If the hijacker requests ownership rights to the listing, and they get it, all other owners on the listing are bumped down to management status, and the hijacker is now the sole and primary owner on the listing. This means that the rightful owner no longer has the ability to remove these hijackers from THEIR OWN listing.

What does a GBP hijacking look like?

Sally manages the GBP listings for her practice. She outsources some things, like maintaining a listing for every physician, to make her job easier. Because of this, she isn’t too concerned about who is managing what on her listings, and she frequently ignores GBP email notifications.

One day, Sally receives an email notification that someone else wants to be an owner on her GBP listing. Unfortunately, Sally ignores the notification, and the predator is added as the owner, bumping Sally, and every other owner on her account, down to managers. The new “owner” removes all the optimizing that has been done on the page and then contacts Sally, offering to manage and optimize the listings for her. For a price. The predator hijacked the page, created a problem with the listing, and then came in to “save the day” with his services. Sally was a victim of GBP hijacking. What’s worse is that she cannot remove the new “owner” of the page because she has lost those rights.

Read about examples of GBP hijacking in other industries:



How can I prevent hijacking from happening to my listings?

The first form of GBP Hijacking (malicious suggestions) can be done without any kind of ownership or management access to your listings. To prevent this type of “hijacking,” you should check your listings often to see what kinds of suggestions are informing what is currently posted on your listing. Google will highlight any suggestions that have been crowdsourced and ask you to accept them. Google is supposed to notify you before these changes are made to your public listing, but those notifications don’t always work, so it’s best to check.

The second type of hijacking, true hijacking, where a company or service provider actually claims and manages your listing without your knowledge, can be prevented very simply by owning your listings and being aware of who is requesting access to them. Remember, doing nothing means giving approval. You have seven days to approve or disapprove someone’s request for access. If you do nothing, they have access. Always disapprove unknown requests. If someone has a legitimate reason for managing or owning one of your listings, they will know you or your company well enough to approach you head on, not through a backdoor loophole. It is always better to be safe than sorry, especially because you can give people access to your listings on your terms.

The SocialClimb promise

At SocialClimb we always use the “front door method” of talking to the owners of a practice to gain access to GBP listings in a fair and safe way. We believe in being transparent about our Google Business Profile practices. If you have any questions, just ask us. We also do our very best to prevent others from hijacking your listings. If we own or manage your listings on your behalf, you can think of us as being GBP “watchdogs.” Our official policy is to deny anyone who requests access to your listings unless you tell us otherwise. Our goal is to keep your listings safe and secure.

If you have further questions about GBP listings management, especially as it relates to medical listings, check out our article on Best Practices for Medical GBP Listings.

If you want help guarding your listings and growing your reputation, contact us for a demo of our product today.


Close Menu

Learn about SocialClimb's New Predictive Patient Targeting with Postcard Deployment

Get Our Free HIPAA Compliance eBook