Search engine poisoning and how it can affect you
With an average of 3.5 billion Google searches made every single day, the search engine results page is a prime target for fraud. Search engine poisoning is a malicious tactic used by hackers to trick innocent online users into sharing payment information, installing viruses, and even distributing malware. A 2019 report shows that up to 51% of website hacks are related to SEO spam.
Both small websites and major platforms can become a pawn in the search engine poisoning game, so we wanted to share some facts about this illicit practice, along with tips on how to prevent your site from falling victim.
What is search engine poisoning?
Search engine poisoning occurs when malicious hackers intentionally create dummy websites that appear to be legitimate search engine results. The typical endgame for these Internet criminals is to steal users’ banking information or trick them into installing malware on their personal devices. These fake websites might mimic well-known legitimate businesses to build trust. Alternatively, hackers will create an entire series of dummy sites and social media profiles to create the illusion of a genuine brand.
It’s called search engine poisoning because the hackers use search engine optimization practices to appear higher up in targeted search engine results. It may also be referred to as SEO poisoning or search poisoning. Cybercriminals infiltrate, or poison, the search engine results page deceptive page titles and links to malware websites.
The dummy sites are often designed with SEO data, focusing on low-volume, low-competition phrases that easily rank on Google. Hackers also target search intents related to gambling and out-of-country pharmaceuticals, where users may expect to engage with sites they’ve never seen before. Some are easily recognizable because of their fake headers, lousy grammar, and “news” box titles. Others are harder to spot.
By disguising their false website and hiding among the legions of authentic search results, users will inadvertently click on the SERP link and visit the fraudulent website. From there, it is just a matter of directing the user to click the HTML code that contains the malware or fraudulent checkout process.
What are the dangers of search engine poisoning?
Online criminals have mastered many methods of hacking our systems and devices to steal from us. But since the Internet is a global information highway, hackers and cybercriminals use search engine poisoning to target a wide international audience.
One specific danger arises when the dummy website appears to be a local business. The Internet user goes online to find a local flower shop or restaurant that delivers. Small companies don’t always have great websites, so users look past minor quirks, unknowingly surrendering their payment information to a hacker’s website.
Malware is a form of malicious software that can cause all sorts of mayhem on your computer and network. Search engine hackers use it to steal passwords, delete files, and potentially take over your computer system for their own illegal purposes. When your computer is directly connected to other users, within a corporate virtual private network, for example, downloaded malware can infiltrate many other devices as well.
If you manage a website from your PC, hackers can use search engine poisoning to take over your site. This year, malware called Gootloader targeted WordPress sites, partially through SEO poisoning, injecting sites with countless pages of spam content. That’s why it’s crucial to ensure you have the latest versions of themes, plugins, and the WordPress core installed for your site.
When you subscribe to managed WordPress hosting, core updates are taken care of automatically. So be sure to check out EasyWP and learn about all the security benefits of Managed WordPress, along with other tools such as one-click backup and one-click restore.
SEO poisoning attacks are also more common during natural disasters when cybercriminals target good-hearted people trying to donate money to help those in need. Attacks also tend to increase during high-profile political campaigns and, of course, during the COVID-19 pandemic.
The most harmful aspect of search engine poisoning is the possibility of financial loss. Many people rely on credit cards to fund their online purchases and if those purchases are blocked because of search engine poisoning, then there could be serious consequences.
Those who use cryptocurrency to shop online should be especially cautious, as very few fraud protection measures are in place. Once you surrender your Bitcoin to a fraudulent site, the chances are very slim that you can ever recover your money.
How to prevent search engine poisoning
The best way to protect yourself is to make sure to avoid putting personal or financial information into any website without thorough research. While this can be time-consuming, it’s often very easy to spot a dummy website if you try.
Here’s an infographic that can help you sort out whether a website is legitimate or fraudulent:
Still, some hackers are very smart and know how to create dummy websites that look very, very real. A big giveaway, though, is the lack of an SSL certificate. While the “Not secure” notification in Chrome doesn’t always mean you are on a hacker site, if you have any uncertainty, navigate away from the page immediately and clear your browser cache.
Website owners and online shoppers alike probably know all too well that online fraud is a growing problem. With ever-increasing online fraud, the responsibility to protect sensitive data is yours alone. While no one is ever immune from attack, by learning best practices and never letting your guard down, you and your information can rest a bit easier at night.