Be Careful of Malicious Ads



For decades, we have all been warned to be appropriately skeptical of internet search engine results. Sadly, most people are not.

Most people think that what Google, Bing, or Duck Duck Go brings back is heaven sent and can be trusted. It cannot. 

Results often include malicious links from search engine optimization (SEO) poisoning, where the attacker has been able to trick the search engine into returning its URL when a user searches for something.

A simple example of SEO poisoning would be for a malicious website to contain the word cat thousands of times so that it is more likely to be presented as a place cat lovers might want to visit. Today’s SEO poisoning is more complicated than that, but that is the general idea.

I have written on this many times before:

Educate Your Users About Malicious SEO Attacks

Be Aware of SEO and Waterhole Attacks

Paid Ads Deliver Malware
The more frustrating part is the malicious “sponsored” ads. Those are instances in which a malicious entity has paid the search engines to post their malicious URL when the user searches for particular keywords. A sponsored ad appears at the top of a search engine result page, above the non-sponsored, and often legitimate, sites. It is also known as malvertising.

It has been happening for decades, especially around IT computer help issues like printer problems and Microsoft Windows error messages. KnowBe4 recently wrote about this here, based on this Malwarebytes article.

Here is an example of potentially suspicious sponsored ads when I searched for Canon printer help:

The last link shown, Canon USA, is the only one I would ever visit. The rest, if not completely malicious, are not going to be as efficient in helping you fix your printer problem, if at all. Most of these types of sponsored links are just trying to trick you into installing malicious software, often in the form of a “driver” or “fix it” program. Warn your friends to be careful when downloading "drivers" to fix problems, even if they found that "help" using Google.

I really feel for Google and the other search engines who have to fight malicious sponsored ads. They absolutely do not want them. It is something they actively fight against every day. Every time Google finds a way to detect and prevent a malicious ad, the bad actors figure out a way around it. It is a non-stop battle, much like the ongoing antivirus detection battle to detect new malware. 

And Google and other search engines obviously are not winning. SEO poisoning and malicious sponsored ads have been occurring for decades without pause. Many vendors and sites recommend ad blockers and content filters, but really, the best thing you can do is to educate your users to be appropriately skeptical of all search engine results. Let them know that search engines can be duped, and their results will often contain suspicious links that most computer security people would not click on. 

This is one of those cases where a little education goes a long way.

