Roger Grimes
2024-12-12 11:39:00
blog.knowbe4.com
For decades, we have all been warned to be appropriately skeptical of internet search engine results. Sadly, most people are not.
Most people think that what Google, Bing, or DuckDuckGo brings back is heaven sent and can be trusted. It cannot.
Results often include malicious links from search engine optimization (SEO) poisoning, where the attacker has been able to trick the search engine into returning its URL when a user searches for something.
A simple example of SEO poisoning would be for a malicious website to contain the word “cat” thousands of times so that it is more likely to be presented as a place cat lovers might want to visit. Today’s SEO poisoning is more complicated than that, but that is the general idea.
I have written on this many times before:
Educate Your Users About Malicious SEO Attacks
Be Aware of SEO and Waterhole Attacks
Paid Ads Deliver Malware
The more frustrating part is the malicious “sponsored” ads. Those are instances in which a malicious entity has paid the search engines to post their malicious URL when the user searches for particular keywords. A sponsored ad appears at the top of a search engine result page, above the non-sponsored, and often legitimate, sites. This practice is also known as malvertising.
It has been happening for decades, especially around IT computer help issues like printer problems and Microsoft Windows error messages. KnowBe4 recently wrote about this here, based on this Malwarebytes article.
Here is an example of potentially suspicious sponsored ads when I searched for Canon printer help:
The last link shown, Canon USA, is the only one I would ever visit. The rest, if not completely malicious, are not going to be as efficient in helping you fix your printer problem, if at all. Most of these types of sponsored links are just trying to trick you into installing malicious software, often in the form of a “driver” or “fix it” program. Warn your friends to be careful when downloading “drivers” to fix problems, even if they found that “help” using Google.
I really feel for Google and the other search engines who have to fight malicious sponsored ads. They absolutely do not want them. It is something they actively fight against every day. Every time Google finds a way to detect and prevent a malicious ad, the bad actors figure out a way around it. It is a non-stop battle, much like the ongoing antivirus detection battle to detect new malware.
And Google and other search engines obviously are not winning. SEO poisoning and malicious sponsored ads have been occurring for decades without pause. Many vendors and sites recommend ad blockers and content filters, but really, the best thing you can do is to educate your users to be appropriately skeptical of all search engine results. Let them know that search engines can be duped, and their results will often contain suspicious links that most computer security people would not click on.
This is one of those cases where a little education goes a long way.