Phishing Scammers Benefit from Shady SEO Practices to Rank Better Than Legitimate Domains

Phishing Scammers Benefit from Shady SEO Practices to Rank Better Than Legitimate DomainsSo-called “Black Hat SEO” services have popped up on Dark Web forums bringing advantageous search results to anyone willing to pay a small monthly fee.

According to security vendor Cybersixgill, threat actors are making use of services that exploit illegal SEO tactics using a combination of stuffing keywords, redirecting links from other sites and making use of paid links. Any domain – whether malicious or legitimate – that uses these techniques will eventually be delisted from search engines. But, because threat actors can change domains like the wind changes directions, making temporary use of the beneficial SEO rankings has become so popular that it’s now being offered as a service.

Now you may be thinking these “SEO experts” are playing by the same rules as regular companies – but that’s just not the case. According to Cybersixgill, an example domain for sale had a whopping 177,105 backlinks pointing to it – something not possible for a legitimate organization to accomplish (unless you're one of the Internet’s most popular websites).

The danger in ranking high for specific search terms is it allows threat actors an opportunity to rank for a seemingly benign term – or even something very targeted to a specific company, industry, or area of research – that would make someone within an organization visit a malicious website and click on malicious links or download malicious files.

Good cyber hygiene best practices taught by Security Awareness Training involve only visiting known-safe websites (whether that’s based on the website being known to the user or because a security solution that scrutinizes domains and/or websites says it is. Be sure your users know about this problem; otherwise they may find out next time they run a search.

The world's largest library of security awareness training content is now just a click away!

In your fight against phishing and social engineering you can now deploy the best-in-class simulated phishing platform combined with the world's largest library of security awareness training content; including 1000+ interactive modules, videos, games, posters and newsletters.

You can now get access to our new ModStore Preview Portal to see our full library of security awareness content; you can browse, search by title, category, language or content topics.

ModStore01-1The ModStore Preview includes:

  • Interactive training modules
  • Videos
  • Trivia Games
  • Posters and Artwork
  • Newsletters and more!

Start Your Preview

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Topics: Phishing

Subscribe To Our Blog

Anti-Phishing Guide ebook

Get the latest about social engineering

Subscribe to CyberheistNews