Zedred

It is not a minor issue. Fake listings for major banks and dogecoin/stock brokers could have caused dire havoc and major theft. The people who don't understand the magnitude of what you discovered have no background in theft prevention.

The lack of technical expertise needed to trick someone into calling a fake phone number is precisely why this is such a huge problem. Any high schooler can do it. What if instead of faking the secret service he faked your bank, your stock broker, the credit bureau, your favorite dogecoin seller, or customer service for Amazon or Paypal?

He could easily have posed as a person with the authority to ask for your credit card number, social security number, pin, bitcoin wallet number, or other passwords used to identify yourself for financial theft.

Just because a hack relies mostly on social engineering doesn't mean it is any less useful to a con man. This is a huge flaw in google that needs fixing.

What difference does that make, really? Do you stop and get out a phone book app to verify the number before proceeding with using the number google gave you? Nobody does that, or they wouldn't havelock end up the google maps number in the first place. The implications of this for bank theft are enormous.

Think what would happen if foreign hackers use this method to fake the number for your bank or credit bureau or amazon customer support or bitcoin exchange and then record your credit card number, social security number, bitcoin wallet address, password, whatever it is you give out on the phone to make a financial transaction. The implications for faking a phone listing that millions of people use, rarely authenticate for themselves, then discuss financial transactions on the call, is huge. People ITt don't seem to be making the mental leap about what could be done with this capability.

Even identity theft agencies and credit bureaus recommend that if someone calls saying they are from the fraud dept of you your bank, credit card company, or stock broker or whatever, that you hang up, google the real number and call them back and ask for the fraud dept to confirm you weren't being scammed. A well prepared phishing ring would have their fake listing positioned ahead of time, top of the list, before starting the robocalling.

The majority of the world will never know what a great service this man has done for them by forcing google to close the security hole. Of all the agencies that should know about it, secret service is it, because they deal with money laundering and protection of the money supply.

Doubtful