Share This Page

   A.S.A.P. Lock & Safeon


Download Consumer Alert PDF

Fake Online Locksmiths May Be Out to Pick Your Pocket, TooConsumer Alert Page

Odds are good that when you search Google for someone to help you get into your home or car, results will include poorly trained subcontractors who will squeeze you for cash.

Maybe this has happened to you.

Locked out of your car or home, you pull out your phone and type “locksmith” into Google. Up pops a list of names, the most promising of which appear beneath the paid ads, in space reserved for local service companies.

You might assume that the search engine’s algorithm has instantly sifted through the possibilities and presented those that are near you and that have earned good customer reviews. Some listings will certainly fit that description. But odds are good that your results include locksmiths that are not locksmiths at all.

They are call centers — often out of state, sometimes in a different country — that use a high-tech ruse to trick Google into presenting them as physical stores in your neighborhood. These operations, known as lead generators, or lead gens for short, keep a group of poorly trained subcontractors on call. After your details are forwarded, usually via text, one of those subcontractors jumps in a car and heads to your vehicle or home. That is when the trouble starts.

The goal of lead gens is to wrest as much money as possible from every customer, according to lawsuits. The typical approach is for a phone representative to offer an estimate in the range of $35 to $90. On site, the subcontractor demands three or four times that sum, often claiming that the work was more complicated than expected. Most consumers simply blanch and pay up, in part because they are eager to get into their homes or cars.

“It was very late, and it was very cold,” said Anna Pietro, recalling an evening last January when she called Allen Emergency, the nearest locksmith to her home in a Dallas suburb, according to a Google Maps search on her iPhone. “This guy shows up and says he needs to drill my door lock, which will cost $350, about seven times the estimate I’d been given on the phone. And he demanded cash.”

The phone number at Allen Emergency is now disconnected.

It is a classic bait-and-switch. And it has quietly become an epidemic in America, among the fastest-growing sources of consumer complaints, according to the Consumer Federation of America.

Lead gens have their deepest roots in locksmithing, but the model has migrated to an array of services, including garage door repair, carpet cleaning, moving and home security. Basically, they surface in any business where consumers need someone in the vicinity to swing by and clean, fix, relocate or install something.

“I’m not exaggerating when I say these guys have people in every large and midsize city in the United States,” said John Ware, an assistant United States attorney in St. Louis, speaking of lead-gen locksmiths.

A locksmith’s shop on a street in Sun City, Ariz., top, turned out to be a fiction that was created for the locksmith by a web design firm using Photoshop at what is, in fact, a vacant lot, bottom.
Photograph by Caitlin O’Hara for The New York Times

Many legitimate locksmiths contend that the solution should come not from law enforcement but from Google. Google says that it is working on improvements, and clearly the days are over when, as in 2009, a search for Manhattan locksmiths yielded a map so covered in red location dots it that looked like a bad case of the measles.

A Google spokesman said that the company worked hard to check bad actors and quickly removed listings that violate its policies.

But the company is still too easily tricked into listing lead gens, high up, even after years of redesigns and algorithm adjustments, critics say. Local service results have improved of late, but too many consumers are still getting ripped off because Google, the world’s biggest search engine, is perennially a step behind a group of sophisticated swindlers, according to experts in the field.

“Google has been subpar on this,” said Danny Sullivan, a founding editor of the website Search Engine Land. “When problems arise, they kind of deal with them as they pop up, but they don’t correct systemic flaws that are out there.”

The Ghosts on Google

The flaws in the Google machine are well known to Avi, an Israeli-born locksmith, who asked that his last name be omitted from this story, citing threats by competitors. (“One told me there is a bounty on my head,” he said.) Avi has been at war with lead-gen operators for eight years. It’s like guerrilla combat, because the companies are forever expanding and always innovating, he said.

To demonstrate, he searched for “locksmith” in Google one afternoon in November, as we sat in his living room in a suburb of Phoenix. One of the companies in the results was called Locksmith Force.

The company’s website at the time listed six physical locations, including a pinkish, two-story building at 10275 West Santa Fe Drive, Sun City, Ariz. When Avi looked up that address in Google Maps, he saw in the bottom left-hand corner a street-view image of the same pinkish building at the end of a retail strip.

There seemed no reason to doubt that a pinkish building stood at 10275 West Santa Fe Drive.

Avi was skeptical. “That’s about a five-minute drive from here,” he said.

We jumped in his car. It wasn’t long before the voice in his GPS announced, “You have arrived.”

“That’s the address,” he said. He was pointing to a low white-brick wall that ran beside a highway. There was no pinkish building and no stores. Other than a large, featureless warehouse on the other side of the street, there was little in sight.

“This is what I’m dealing with,” Avi said. “Ghosts.”

These ghosts don’t just game search results. They dominate AdWords, Google’s paid advertising platform. Nearly all of those ads promise “$19 service,” or thereabouts, a suspiciously low sum, given that “locksmith”-related ads cost about $30 or so per click, depending on the area.

(Yes, Google makes money every time a person clicks on an AdWords ad, and yes, in the case of locksmiths, the cost can be $30 for every click — even more in some cities. If you’ve ever wondered how Google gives away services and is still among the most profitable companies in the world, wonder no more. People clicking AdWords generated $60 billion last year.)

In a search for locksmiths in Mountain View, Calif., home to Google’s headquarters, the first AdWords listing was 24hourlocksmithsanjose.net, which offered $19 service. Research into the company’s domain name revealed that it is owned by Yossi Assraf of Locksmith Advertising, in Portland, Ore.

Mr. Assraf also owns more than 800 other domain names, according to the website Whoisology, including 247westpalmbeach.com, 247locksmithlouisville.com, 247-locksmithcleveland.com, 247-locksmithjerseycity.com and so on.

Those have all the trappings of a lead gen. And, 247 Locksmith Advertising has an F rating from the Better Business Bureau, along with a list of nearly identical complaints.

“Over all the cost was $200!!” wrote one unhappy customer, who had been expecting to pay $19. “This was a complete bait and switch!”

Messages left for Yossi Assraf were not returned.

Recently, I sent Google the ad for 24hourlocksmithsanjose, as well as a screen shot of the fake Locksmith Force building and the names of about 20 other locksmiths that appeared to be lead gens. The company asked for a few days to look into the matter.

Pipeline From Israel

National data that could capture the scale of the lead-gen problem does not exist, largely because most of the complaints occur at the state level, by way of attorneys general, Better Business Bureaus and Yelp. Also, the sums involved are usually modest, so many people have no idea they have been swindled, or they know but don’t think it’s worth anyone’s while to contact the authorities.

Legitimate companies and the Associated Locksmiths of America, however, have been howling about lead gens since they first started popping up in the early 2000s.

“Talk to anyone in the business and they’ll tell you that revenue is down 30 to 40 percent,” said Mark Baldino, who owns a handful of locksmith stores in the Washington area. “There are 10 fake locations around me, and consumers have no idea which of us is real and which is going to rip them off.”

The difference between people like Mr. Baldino and locksmiths sent by lead gens is not just a physical storefront; excellent locksmiths work out of cars and vans, too. Lead-gen locksmiths are essentially short-term hires, and their priority is not repeat customers. It’s quick cash.

Many of the locksmith lead gens are run by Israelis, and Avi learned their modus operandi by working for them. When he landed at La Guardia Airport in 2008, he wanted to work with computers, the field he had trained for in Israel. But it was the height of the recession, and he did not have many options.

“At the time, if you were an Israeli, it was either carpet cleaning or locksmithing,” he said. “I tried carpet cleaning for a week and hurt my back so badly, I said this is not for me.”

A company in New Jersey, owned by an Israeli, hired him, gave him a week of training and told him he could keep 40 percent of every job. His instructions were to size up each customer and ask for as much money as possible. He quit, found an honest shop, eventually earned enough to open his own company and relocated to Phoenix.

Today, a well-oiled system keeps young Israelis flowing to the United States for locksmith jobs. Companies beckon on Israeli employment websites such as Maka (Hebrew for “score”). Among those currently hiring are Green Locksmith, Locksmith Garage, CT Locksmith and Mr. Locks. The latter, which claims its main office is in TriBeCa, promises that employees will earn as much as $4,000 a month and says it is looking for people “who are not afraid of new things.” Like many of these companies, Mr. Locks covers itself by stating — in Hebrew and on a site that caters to Israelis — that it is looking for United States citizens.

Many of the recruits later establish their own lead-gen operations, which then recruit more talent. This has increased competition and made deceiving Google an ever more esoteric pursuit. That was evident during a conversation with Roy Alverado, the owner of Locksmith Force, the company that created the fake pink building in Sun City. He insisted that he ran an authentic local business, with trained and courteous locksmiths.

As for that fake building: “We wanted to have a store in that area, but the rents were too high,” he said. He told a web design firm to create a building using Photoshop. Actually, all but one of the buildings are Photoshop creations, since Locksmith Force’s sole physical location is in Phoenix, Mr. Alverado said. The more buildings on the site, he candidly stated, the more people would believe they were calling someone who could show up at a car or house quickly.

Mr. Alverado said those fake buildings were necessary because getting to the first page in Google results now took ingenuity and cunning.

“You have no idea,” he said, sounding a little weary when asked about competition. Israelis were his toughest rivals, he said, and they had instilled a kind of awe in him. “I can tell you point-blank, they are freaking smart,” he said. “I really admire them.”

A few months ago, he decided that he needed some help with search engine optimization. A company called Over the Top SEO showed up on the first page of an “SEO company” search, so he figured it was very good. Then he saw that the company was based in Israel. Mr. Alverado was sold. If he couldn’t beat the Israelis, he would hire them.

“We’re already seeing great results,” he said.

Gaming the Algorithm

Even with the rise of Facebook and improvements to Apple Maps, Google is still the essential source of revenue for local businesses — 85 percent of all local search traffic reaches local businesses through Google, according to Mike Blumenthal, who writes a definitive blog on the topic. To understand how lead gens game Google’s algorithm, you need to know a bit about how a company’s address winds up in Google’s results, and how those results can be fraudulently altered. Few know the particulars better than Bryan Seely, who worked for a lead-gen outfit in the automotive glass repair field, based in Southern California, from 2008 to 2010. During that time, he produced about 3,000 fake auto glass repair listings across the country. Eventually appalled by his handiwork, he became what he calls a reformed hacker and explained his techniques in a self-published book, “Cyber Fraud: The Web of Lies.”

Bryan Seely worked for a lead-gen outfit, producing more than 3,000 fake auto glass repair listings from 2008 to 2010. He later wrote a book called “Cyber Fraud: The Web of Lies.” Credit Matthew Ryan Williams for The New York Times

“My hope was that the book would cause Google to patch up these holes,” he said on the phone recently. “It didn’t work.”

In the interest of minimizing mischief, the methods Mr. Seely described will not be detailed here. But they involve chicanery with two platforms: Google My Business, essentially the company’s version of the Yellow Pages, and Map Maker, which is Google’s crowdsourced online map of the world. The latter allows people around the planet to log in to the system and input data about streets, companies and points of interest.

Both Google My Business and Map Maker are a bit like Wikipedia, insofar as they are largely built and maintained by millions of contributors. Keeping the system open, with verification, gives countless businesses an invaluable online presence. Google officials say that the system is so good that many local companies do not bother building their own websites. Anyone who has ever navigated using Google Maps knows the service is a technological wonder.

But the very quality that makes Google’s systems accessible to companies that want to be listed makes them vulnerable to pernicious meddling.

“This is what you get when you rely on crowdsourcing for all your ‘up to date’ and ‘relevant’ local business content,” Mr. Seely said. “You get people who contribute meaningful content, and you get people who abuse the system.”

The most obvious symptom of abuse is a wild proliferation of lead-gen listings. Charles Eastwood, a locksmith in Phoenix, subpoenaed Acxiom, a data brokerage firm, as part of a lawsuit he filed against a group of purported lead gens in 2010. He wanted to know how many locksmiths were listed in Arizona.

“There were 9,600 of them in the list I got from Acxiom,” he said. “That’s about 9,000 more than anyone believes actually work in the state.”

‘A Five-Alarm Fire’

Charles Eastwood, a Phoenix locksmith, subpoenaed a data brokerage firm in a lawsuit he filed against an online group of purported locksmiths. Caitlin OHara for The New York Times

To fight lead gens, Google deploys a little-known army of volunteers, called Mappers, many of whom are engaged in a contest that takes wit and stamina. These are people around the world who propose and approve edits to Google Maps, with an assist from Google employees, all in the interest of refining the product and fighting spam — a term that in this context means anything fake and misleading.

It may seem bizarre that people would work gratis for one of the world’s richest companies. But many Mappers turn the job into a calling. For Dan Austin, who lives in Olympia, Wash., it was more like an addiction.

A former truck driver for DHL, he became a Mapper after he was laid off from his job and started fixing mistakes he had noticed on Maps while on the road. By the fall of 2011, Mr. Austin had discovered locksmith spam and was soon spending 10 hours a day, seven days a week, deleting it from Maps.

“It was like a video game except it had a moral element to it,” he said. “At the end of the day, I’d have wiped out 1,000 locations and I would think, that’s 1,000 phone calls that didn’t get made, 1,000 consumers who didn’t get scammed. I felt like Superman.”

Mr. Austin became a Regional Lead, the highest rank in Google’s Boy Scout-like badge system of incentives, a job — still unpaid — that required him to sign a nondisclosure agreement.

He was quickly locked in a struggle that seemed inspired by Cold War spycraft. Some lead-gen owners became Mappers themselves, hoping to stealthily protect their listings. They were essentially moles. One of them, who called himself Baton Sason, contacted Mr. Austin through a private detective.

“At first, he thought I was another spammer,” Mr. Austin recalled. When Mr. Sason realized that Mr. Austin was truly on Google’s side, he tried to win amnesty for his sites in exchange for help informing on his competitors. Mr. Austin played along for a few months, then deleted Mr. Sason’s sites too.

Initially, Mr. Austin regarded Google as a benign Goliath that cared about consumers and small businesses. But about 18 months after his campaign began, pessimism crept in. He realized, he said, that spammers were changing tactics much faster than Google was adopting countermeasures.

“For me, it was always like I was looking at a five-alarm fire,” he said. “To them, it was smoldering.”

By the fall of 2012, Mr. Austin was disillusioned. He decided that the subtle approach to getting attention wasn’t working. So he did something obnoxious. In the middle of the Google Map of Los Angeles, he placed a marijuana grow house. Not a dispensary, which is legal. A grow house, which is a place where plants are harvested. Those are illegal. Then he highlighted the stunt on a Map Maker forum.

The plan was to demonstrate that it was too easy to hoodwink Google. The plan failed. Google fired him from his unpaid job. (A Google spokesman declined to comment.)

Today, Mr. Austin has the faintly bitter tone of a man who has left a cult, but he is cleareyed about why Google never seemed to respond quickly enough to spammers. It wasn’t a priority, he said. The company is dominated by software coders, and they want to solve the most interesting problems, or create the coolest products.

Dan Austin, a former truck driver who held an unpaid job helping Google fix mistakes on its maps, was fired after he placed a marijuana grow house on a map of Los Angeles to show how easy it was to fool the search engine.
Matthew Ryan Williams for The New York Times

“Fighting spam is boring,” Mr. Austin said. “The employees who cared didn’t have the political clout in the company. I’d hear Googlers say, ‘Maps is a mess. It’s known at the highest levels, but we don’t talk about it publicly.’”

Caught in an Arms Race

The justice system is the most obvious alternative to Google in the fight against locksmith lead gens, and in 2009, federal prosecutors in St. Louis went after three principals of Dependable Locks on charges of a variety of nationwide frauds. This was the most ambitious action ever taken against a suspected lead gen; postal inspectors had surprised the company by showing up at its headquarters in Clearwater, Fla., with a search warrant. Files were confiscated, employees were persuaded to tell all.

Little, it seems, went right after that. One defendant fled the country, according to prosecutors. In 2013, a federal magistrate judge recommended dismissing the case because the government had deported four witnesses, all of them former Dependable employees who might have helped the defendants. The judge also suggested that the case would be difficult for the prosecution to win because Dependable phone representatives usually added the phrase “and up” when quoting prices.

One of the prosecutors, Mr. Ware, the assistant United States attorney in St. Louis, respectfully disagreed with those findings.

“Ninety percent of people were charged more than the estimate,” he said. “We had locksmiths tell us that they would take whatever they could get from customers.”

One lesson of the Dependable case, which took years from inception to dismissal, is that the criminal courts are a terrible way to fight purported lead-gen locksmiths. Civil cases have fared no better. Mr. Baldino, the locksmith in Washington area, lost a case against Google and other directories in which he said the companies commingled legitimate and illegitimate players in listings. Last February, a Virginia state court found that Google had immunity under the Communications Decency Act, which extends to all information that does not originate with Google — “even when given notice that it has published false information,” the court concluded.

Only Google, it seems, can fix Google. The company is trying, its representatives say, by, among other things, removing fake information quickly and providing a “Report a Problem” tool on the maps. After looking over the fake Locksmith Force building, a bunch of other lead-gen advertisers in Phoenix and that Mountain View operation with more than 800 websites, Google took action.

Not only has the fake Locksmith Force building vanished from Google Maps, but the company no longer turns up in a “locksmith Phoenix” search. At least not in the first 20 pages. Nearly all the other spammy locksmiths pointed out to Google have disappeared from results, too.

“We’re in a constant arms race with local business spammers who, unfortunately, use all sorts of tricks to try to game our system and who’ve been a thorn in the Internet’s side for over a decade,” a Google spokesman wrote in an email. “As spammers change their techniques, we’re continually working on new, better ways to keep them off Google Search and Maps. There’s work to do, and we want to keep doing better.”

There was no mention of a stronger verification system or a beefed-up spam team at Google. Without such systemic solutions, Google’s critics say, the change to local results will not rise even to the level of superficial.

Apprised that Locksmith Force had been relegated to the Internet’s version of oblivion, Avi was in no mood to celebrate.

“One down,” he wrote in an email. “Fifty thousand to go.”

Source: New York Times: Business Day - Fake Online Locksmiths May Be Out to Pick Your Pocket, Too

  • Help spread the word about ASAP Locksmith: