# Someone Is Trying to Claim Your Client's Listing. Right Now.

> GBP listing hijacking is spiking in 2026. Learn why Google's UI change is fuelling unauthorised claim requests and how to protect multi-location brands.

- Source: https://socialplaces.io/blog/someone-is-trying-to-claim-your-clients-listing-right-now/
- Author: Conor Young
- Published: 2026-06-24
- Tags: Google Business Profile, Listings Management, Local SEO, Reputation Management, Multi-Location, GBP Security, Listing Hijacking

---
A routine edit to fix a business address. An automated email from Google confirming the change is under review. Standard procedure. But look below that notice and something unexpected appears: a prominent, one-click button reading "Claim my business."

Local SEO professionals are raising the alarm about this UI change, and if you manage Google Business Profiles for multi-location clients, this is not a notification you can afford to miss.

## The "Claim My Business" Button Nobody Asked For

Google is surfacing an ownership claim option inside a standard operational email, one that goes to anyone who suggests an edit on a listing, not just the verified owner. For established profiles with active managers, this creates an unnecessary opening.

If a business owner scans that email quickly or dismisses it without acting, another user has already been invited to initiate an ownership request. The listing is now in play.

![Mock Google edit-confirmation email with a highlighted 'Claim my business' button, alongside three warnings: the prompt goes to anyone who suggests an edit, one click starts an ownership request, and it is easy to miss](./listing-claim-in-article-1-claim-button.webp)

## Why This Is Getting Worse in 2026

Research published in late 2025 documented a wave of GBP hijackings targeting high-value businesses, with attackers exploiting Google's verification loopholes to reroute enquiries, alter contact details, and even mark active businesses as permanently closed.

This is not a niche threat. Spammers are now using automation and AI tools to launch fake profiles and initiate ownership requests at scale. The low barrier to suggesting an edit on any Google listing, combined with the new claim prompt embedded in confirmation emails, creates a repeatable attack surface.

For multi-location brands managing dozens or hundreds of profiles, the exposure is multiplied. Each location is a separate target. Each edit suggestion from any user generates an email. Each email now carries this button.

## What Happens When an Ownership Request Goes Unanswered

If a claim request is submitted and the current owner does not reject it promptly, Google can grant the requester access. At that point, the attacker can:

- Change the phone number and website URL
- Update trading hours to deter customers
- Mark the business as temporarily or permanently closed
- Remove photos, respond to reviews, or delete the listing entirely
- Redirect foot traffic and phone enquiries to a competitor

![Table showing how an unanswered claim lets a listing's phone number, website, trading hours and status be changed to a competitor line, a redirected URL, closed hours and permanently closed](./listing-claim-in-article-2-what-it-costs.webp)

For a franchise with 50 or 100 locations, a single missed notification can have real revenue consequences. Monitoring once a week is no longer adequate protection.

## Why the Listings Locking Layer Matters More Than Ever

There are two layers of protection that every multi-location brand should have in place, and most do not.

The first is verified ownership with primary manager status held by a trusted party, not just the franchisee or store manager. When ownership sits with someone who may not understand what a claim request looks like, the listing is only as protected as that person's attention on a busy Tuesday.

The second layer is active suggestion locking. Google allows third parties to suggest edits on any listing. Without active monitoring and locking controls, suggested edits can go live automatically, changing addresses, hours, or categories without any action from the business owner. This is a separate but related vulnerability: the same edit-suggestion workflow that triggers the new claim prompt is also the mechanism by which listing data gets quietly overwritten.

![Two protection layers every multi-location brand should have: verified ownership with primary manager status held by a trusted party, and suggestion locking that catches and rejects unauthorised edits before they go live](./listing-claim-in-article-3-two-layers.webp)

Managing both requires visibility across every location, in real time, not a monthly audit.

## How Social Places Helps Protect Your Listings

At Social Places, managing the claiming process and locking listings against unauthorised suggestions is a core part of what we do for multi-location brands. Our team handles verification, ownership structure, and ongoing monitoring so that claim requests are caught and rejected before they become a problem.

The [Listings](/listings/) product gives brands centralised oversight across every location, with the ability to monitor ownership status, flag anomalies, and respond to platform changes quickly. Combined with [Reputation monitoring](/reputation/), brands get a complete picture of what is happening across their GBP footprint.

If your team has been seeing a spike in ownership or claim requests recently, this is likely why. [Contact Us](/contact/) and we can walk you through how we structure listing protection for brands at scale.