Search engine optimization (SEO) poisoning has been around for as long as internet users have been using search engines. The attack, which is making a bit of a comeback recently, involves manipulating search engine results to drive users from legitimate websites to sites that serve up malware, identity theft tools and even fake news.
Same Scheme, Different Name
Attackers used various techniques to trick search engines into elevating webpages that serve up pornography, advertising, and political or religious content, the Zscaler researchers reported.
“SEO poisoning is a new term for a very old problem: People trying to get you to go to their webpage rather than what you really want,” said Ty Belknap, a network engineer and author of “Timeless SEO Secrets.” “It’s been around almost as long as websites have, and search engines still have difficulty stopping it.”
The technique is most effective during special events like the Olympics, World Cup or an upcoming election, added Joseph Carson, chief security scientist at cybersecurity vendor Thycotic. During natural disasters, he said, criminals often use SEO poisoning methods to trick people into sending aid to them instead of victims.
“SEO poisoning is typically time-based, so it has a limited set of time that the malicious content would be available on the top of the search results,” Carson explained. “The technique of using SEO poisoning is very concerning as most people trust the search results from Google and have an expectation that when something appears on the top page of the search results, it is assumed that is has been vetted and is authentic.”
How Does SEO Poisoning Work?
Attackers use various techniques to move their pages up in search engine rankings. In some cases, attackers flood their websites with keywords, although most search engines have gotten wise to this technique.
In other scenarios, attackers use so-called cloaking techniques to deliver different web content to a user than it does to a search engine spider. Yet another method involves building layers of websites that link to each other in an effort to trick search engines into ranking them higher.
Malware distribution and information theft are the top goals of SEO poisoning, so attacks can create problems for both individual internet users and corporate networks. According to Carson, this tactic is frequently used to compromise companies’ sensitive information.
“It is a common method using SEO poisoning to steal employee credentials so the cybercriminal can abuse that information to gain access bypassing a company’s existing security controls,” he explained.
Such an attack can also damage a business’ brand reputation if customers end up at a poisoned site instead of the real one.
“If they have been a victim of SEO poisoning,” Carson posited, “then how can customers trust the service in the future if they have no confidence that they are on the company’s actual legitimate website?”
Why Users Must Stay Vigilant
Users can protect themselves by using an up-to-date browser that warns them if they try to access insecure websites. Google, in particular, has pushed legitimate websites to use Hypertext Transfer Protocol Secure (HTTPS), the secure form of Hypertext Transfer Protocol (HTTP), and has begun warning users when they surf to insecure sites.
Internet users and organizations should also install antivirus tools that warn them of sites serving up bad code. In addition, users should pay special attention to the URLs of the websites they see in all search results. If a website serves up a pop-up asking you to opt into something, read it carefully before taking action.
SEO poisoning can bloom from a trending event more quickly than watchdogs can track individual cases. This can make it difficult to stay informed, but users can mitigate the risks before they reach their networks by remaining vigilant while browsing and regularly updating security software.