Hackers have developed sophisticated methods to bypass Google, reach innocent searchers, and steal money, personal data, and sensitive credentials.
Over 8.5 billion people rely on Google every day to provide relevant, helpful, and safe results to their queries. However, SEO poisoning, a sophisticated fraudulent activity, redirects users to fake websites intended to snatch their personal information, sensitive credentials, and money. For most of the Google Serch users, becoming a victim is not a tough task, as it revolves around the core of searching, keywords.
“SEO poisoning is a tactic used by cybercriminals to manipulate search engine results and then direct users to malicious websites which often look genuine. When users click on these links, they are taken to sites that expose them to malware that often immediately downloads, which can compromise the computer’s security and potentially lead to data theft or device infections,”
-Jake Moore, global cybersecurity adviser at ESET.
The fraudulent activities are however limited to certain keyword categories as they provide easy access to transactional users. Here are the types of searches you should avoid to prevent getting hacked by a sophisticated threat actor.
1. Customer Service Numbers
We all search for the customer care number of our service providers, especially in banking, insurance, and healthcare. The fraud experts manage to rank on top of these search queries and become a trustworthy website to visit or offer a genuine number to call, which gets forwarded to the scam teams.
2. Quick-Money Opportunities
This keyword itself has a huge trail of malicious activities as it targets one of the most vulnerable spectrums of online searchers: job seekers. The hunt for an opportunity may not activate a sharp eye for scammers. Extending this category, certain keywords like high-paying remote jobs, easy remote jobs, quick moneymaking schemes, investment opportunities, and trading insights often land users on fake websites.
3. Google Authenticator
Google Authenticator is an online tool made available by the tech giant to help users validate certain websites and online services through one-time verification codes and two-factor authentications. Modern cybercriminals have managed to divert people searching for the Google Authenticator by redirecting them through Ads that get displayed just above the organic search results. These Ads have minute details that most users ignore and click to a perfectly imitated website. However, clicking download on these websites installs malware instead of the original Google Authenticator app.
4. Infected PDFs
A specific group survey is another rising trend in the online search fraud list. While the scam targets a high-niche keyword, ‘Sports Mental Toughness Questionnaire,’ it has caused serious damage to users by automatically downloading PDFs infected with viruses and spamware. The dodgy links are embedded to automatically download the PDF without the user's knowledge.
5. Online Viagra
This segment targets secretive searches, often related to confidential personal health issues. Searching for Viagra or related products online often makes people victims of the new-age pharma hack practice. Hackers have managed to infiltrate vulnerable WordPress blog websites and provide links to pages advertising knockoffs of branded products at a much lower price. The greed and sensitivity of the problems faced by users often lead them to try the provided solution and, instead, cause serious monetary harm.
Though online search engines have always moved rapidly to identify malicious websites, it is the duty of the online searcher to be aware of what they are looking for. For job seekers, searching through reputed job aggregators or official employer websites can help prevent them from becoming hack victims. For others, online resources on empowering awareness and eye for malicious links can help reduce risks.
