How to Check If Your Google Business Profile Has Been Hacked

A compromised Google Business Profile can damage your reputation in minutes. Scammers change your hours, redirect customers to fake locations, delete authentic reviews, and post misleading content. The danger is that most business owners don't check their GBP regularly—by the time they notice something's wrong, the damage is done.

This guide walks you through the warning signs, how to audit each field for unauthorized changes, and the fastest way to recover if you've been hacked.

7 Warning Signs Your GBP Has Been Hacked

1. Hours Have Changed

Your business hours are one of the easiest fields for scammers to manipulate. If customers are arriving outside posted hours, or you're getting angry reviews about being "closed when I arrived," your hours may have been altered.

What to check:

• Are your hours the same as you set them?
• Do holiday hours match your actual closures?
• Are there any days marked as closed when you're open?

2. Location Has Moved

This is a dead giveaway. Scammers sometimes change the address to a competitor's location or a fake address to redirect foot traffic.

What to check:

• Open your GBP on mobile and check the map pin
• Does it point to your actual address?
• Can you verify by visiting the location in Google Maps directly?

3. Phone Number Is Different

If calls are going nowhere or reaching a competitor, your phone number has been changed.

What to check:

• Call your GBP phone number from another phone
• Verify it matches your actual business number
• Check your call logs—are you missing customer calls?

4. Website URL Points Elsewhere

A simple but devastating change. Scammers can redirect all your web traffic to a competitor or phishing site.

What to check:

• Click the "Website" button on your GBP
• Does it go to your actual website?
• Or does it redirect to a competitor or unknown domain?

5. Business Category Changed

Your primary category has been altered—e.g., a plumber reclassified as a florist, or a law firm relabeled as a casino.

What to check:

• Does your category match your actual business?
• Are secondary categories intact?
• This often happens when competitors want to bury you in the wrong search results

6. Description, Photos, or Posts Are Gone or Vandalized

Photos deleted, your business description rewritten to bad-mouth your business, or bizarre posts appearing on your feed.

What to check:

• Are your professional photos still there?
• Has your business description been altered?
• Do all posts on your timeline look legitimate?
• Are there any posts you didn't write?

7. New Staff Members or Admins Added

The most insidious sign. You'll only notice this if you actively check your access settings.

What to check:

• Go to Settings → Admins and Managers
• Do you recognize every person listed?
• Are there unfamiliar email addresses with admin access?

Step-by-Step Audit: How to Check Each Field

Access Your GBP Securely

1. Go to Google Business Profile (business.google.com)
2. Do not accept any password recovery emails you didn't request
3. Check your Google Account's Recent security events to see if anyone else accessed your account
4. If suspicious activity appears, change your password immediately and enable two-factor authentication

Field-by-Field Verification

Business Information section:

• [ ] Business name — exactly as it should appear (check for hidden characters)
• [ ] Address — matches your physical location
• [ ] Phone — your actual business number
• [ ] Website — points to your official domain
• [ ] Category — primary and secondary categories are correct

Hours section:

• [ ] Regular hours match your schedule
• [ ] Holiday hours are accurate
• [ ] Special hours for events are yours (or deleted if unauthorized)

About section:

• [ ] Business description is unchanged or recently edited by you
• [ ] No vulgar or misleading content has been added
• [ ] Photos are all authentic (yours, not stolen or vandalized)

Posts section:

• [ ] Review all recent posts
• [ ] Verify you wrote every post in the last 30 days
• [ ] Delete any suspicious or unfamiliar posts

Reviews section:

• [ ] Check if legitimate reviews have been deleted
• [ ] Look for a spike in fake negative reviews (coordinated attack)
• [ ] Verify response timestamps—did you write those replies?

Attributes section:

• [ ] Features like "wheelchair accessible," "accepts online orders," etc. are accurate
• [ ] No attributes added that you don't offer

Account access:

• [ ] Go to Settings → Admins and Managers
• [ ] Remove anyone you don't recognize
• [ ] Verify email addresses of all remaining admins

What to Do If You Find Unauthorized Changes

Immediate Actions (Within the Hour)

1. Change your Google password — use a strong, unique password you've never used before
2. Enable two-factor authentication if not already active:

- Account → Security → Two-Step Verification

1. Revert all changes in your GBP:

- Edit each field back to correct information - Delete unauthorized posts immediately - Remove unfamiliar admins

1. Check your Google account recovery options:

- Remove unfamiliar recovery email addresses - Update your phone number for recovery - Add a recovery email address you control

Document the Incident

1. Take screenshots of:

- The changed fields (for evidence) - Your recent account activity (from Settings → Security → Recent activity) - Any false posts or reviews

1. Note the approximate time you discovered the breach
2. Keep records of customer complaints or missed calls during the compromised period

Report to Google

1. Use the GBP Support Portal → Report a concern
2. Explain what was changed and when you discovered it
3. Ask Google to:

- Investigate who accessed your account - Restore previous versions of your profile if needed - Flag the account as compromised so they monitor it

1. Google may ask for identity verification before restoring deleted content

Monitor Closely for Re-compromise

A hacked account is often hacked again. For the next 30 days:

• Check your GBP daily for changes
• Review your Google account's active sessions (remove unknown devices)
• Monitor incoming customer calls to ensure the phone number is correct
• Check your website traffic to ensure it's legitimate

How Monitoring Prevents This

The problem with manual checking: you might notice changes days or weeks later, after your reputation has been damaged. By then, fake reviews have been posted, customers have received wrong hours, and your credibility is shaken.

Automated monitoring changes everything. Services like MyReputation.ie check your GBP profile multiple times daily against previous versions:

• Instant alerts when any field changes (hours, location, phone, description, etc.)
• One-click reverts if an unauthorized change is detected
• Change logs showing exactly what changed, when, and (sometimes) by whom
• Competitor monitoring to catch coordinated attacks

If your GBP is hacked with monitoring active, you're notified within the hour—before customers are affected.

Prevention Checklist

• [ ] Use a strong, unique password for your Google account
• [ ] Enable two-factor authentication on your Google account
• [ ] Limit admin access to only trusted team members
• [ ] Regularly (monthly) audit your GBP fields manually
• [ ] Brief your team on what fields they can edit and what's off-limits
• [ ] Use Google Account Security Checkup quarterly
• [ ] Sign up for GBP email notifications (notifications are sent for some changes, but not all)
• [ ] Consider an automated monitoring solution for real-time alerts

The Bottom Line

A hacked Google Business Profile isn't a catastrophe if you catch it early. Check your GBP today—particularly your hours, location, and phone number. If you find changes you didn't make, follow the recovery steps above immediately.

For ongoing peace of mind, consider setting a monthly reminder to audit your profile, or use automated monitoring to catch compromises in real time.

---

Want to automate this monitoring? MyReputation.ie checks all these fields 24/7 and alerts you within the hour if anything changes. Get started free →