We are all familiar with the benefits of SEO work on relevant websites, but what if people took advantage of genuine techniques for criminal gain? Would you know the difference between a fake and a genuine site? What if the fraudulent site was on the first page of the SERPs? Would you ever suppose it could be a scam?
Cybercriminals have adopted SEO tactics (both ethical and unethical) to get their websites on the first pages of search engines. One of their favorite strategies is to use misspelled keywords such as: “Obbama” or “Goggle.” Here’s how it works: When people type in the misspelled keyword the results may include a malicious website listing. When users click on an infected search result, artificially bolstered by SEO, they are redirected to a Web page where a pop-up warns their computer is infected with malware. The message then tries to persuade users to download fake antivirus software for a fee. If users buy the fake software, they have unknowingly provided their payment card number to cyber thieves, and are also at risk for identity theft.
Criminals also install rogue software once you reach their site. Rogue security software relies on social engineering. It defeats the security built into modern operating systems and browser software, and installs itself onto victims’ computers. Most of these programs have a Trojan horse component that misleads users. The Trojan may be disguised as:
• A browser plug-in or extension
• An image, screensaver or archive file attached to an e-mail message
• Multimedia code required to play a certain video clip
• Software shared on peer-to-peer networks
• A free online malware scanning service
It’s wise to take an extra glance at the listing before clicking on a search engine link. Google makes this easy by showing the URL under each search result. In recent times, victims might have noticed the .cn suffix on the end of each domain name, a signal that the website might be in China and could include unexpected content. This is not a foolproof strategy. Computer criminals sometimes deploy a technique called “Google cloaking,” which can display a different URL than the one you’re actually visiting.
Keep up with security patches. The latest form of attacks relied on vulnerabilities that allow a website to install software onto a visiting computer without the user’s knowledge. Fully patched systems warn potential victims by displaying a pop-up window inviting them to download software. This doesn’t guarantee that you won’t be infected, but it can help.
Bad websites can use good SEO tactics to reach the top of the search engines, and the results can be ugly. But if you’re vigilant, you can avoid these problems before they happen.