What is search engine clickbait and how do hackers trick Google’s crawlers?

October 13, 2020  |  Nahla Davies

This blog was written by an independent guest blogger.

Search engine optimization (SEO) works with algorithms to ensure that the most relevant and most popular webpages show up first in an internet search. SEO makes sure that the best websites get the biggest boost. However, SEO has a lesser-known, evil twin called black hat SEO. This term refers to a common trick of cybercriminals. Black hat SEO is meant to circumvent algorithms, exploit weaknesses, and create fraudulent links. The goal of these actions is to push malware-laden websites and other nefarious web pages on to unexpecting users.

In this article, I will discuss the top ways cybercriminals hijack search engines and some examples of successful black hat SEO attempts. Understanding how cybercriminals operate and spotting their tricks can be an effective way to protect remote workforces and keep casual users safe.

Stealing SEO

Hackers want to catch users off guard when they are browsing the internet. They want you to click on their links and download their files so they can install malware, ransomware or other viruses on your computer. One way they can achieve this is by piggybacking off the popularity of well-established websites.

This rudimentary technique can be used by even the most novice hacker. For example, some websites allow users to post comments or upload files on their webpage. Hackers can post a link to their malware or upload a file that contains a virus on a popular webpage. They know that the website has a large audience, so chances are someone will click on it.

A hack like this recently happened on the UNESCO website and a Cuban government website, among a few others. A user under the moniker  m1gh7yh4ck3r uploaded PDF files offering help in hacking into online accounts. When users clicked on the links, it led to a variety of scam websites that urged visitors to download files in exchange for the program.

All the websites used an outdated Drupal CMS system tied to a Webform module that had vulnerabilities in the file share function. Modern websites can avoid having these glaring vulnerabilities by using SAST (Static Application Security Testing) to automatically scan written code for weaknesses.

Coronavirus clickbait

This particular hacking technique takes advantage of the coronavirus global health crisis. This technique exploits the fact that so many people around the world rely on the internet to provide them with information. This hack is very similar to the hack that was successfully used on the UNESCO website. It doesn’t take extensive Cybersecurity IQ training to understand.

Researchers recently discovered fraudulent, online drugstores using credible health websites with coronavirus-related headlines to gain web traffic. The cybercriminals visited high-profile health websites with comments sections or forums and used bots to post a multitude of messages linking to their website. Of course, most of the messages enticed users by claiming to have cures for coronavirus, or by promising those who click easy access to illicit drugs.

An additional benefit for the bad actors is that websites with many coronavirus-related keywords will rank higher on a Google search due to high public interest. The bad actors with the dangerous links gain SEO credibility by the increased traffic to their website, and by virtue of their link’s presence on highly-reputable websites.

Knockoff URLs

The Open Redirect glitch, or the Unvalidated Redirects and Forwards, is a well-known loophole utilized in scam campaigns and phishing attacks. This method allows hackers to create URLs that look similar to legitimate websites when shown on search engine results. This is achieved because the first part of the link is identical to that of a safe and well-known website, but the back end of the link is what redirects the URL to a dangerous page. When the user clicks on them, they are taken to the full URL page or redirected to a link that has been banned from Google.

Protecting remote workers from clicking on knockoff URLs and falling for phishing scams is essential for any business, especially if they have remote workers. Businesses must always tightly control and manage access to applications. One way they can do this is by requiring that all workers access links through a central place, such as requiring all workers to bookmark an important link or login portal. By enforcing this policy, you know that remote workers won’t be doing a Google search for “ABC Company Employee Login” and potentially being led to a harmful webpage.

Constant vigilance: the key to keeping cybercriminals at bay

As this article shows, even a sophisticated company like Google is not impervious to bad actors online. Google’s SEO algorithm is elegantly designed, efficient, and is constantly being updated to make it harder for hackers. Even so, there are thousands of cybercriminals constantly looking for loopholes and ways to cheat the system. Because of this, Google has a dedicated team that is constantly on the lookout for suspicious activity and harmful links so they can manually be removed.

It’s important to stay informed about the various ways hackers can compromise your data or harm your computer. Cybersecurity will be the most important vulnerability facing businesses in the future. Educating ourselves and working closely with cybersecurity professionals is the best way to protect ourselves, our families, and our businesses from the nefarious forces online.

Share this with others

Tags: seo

Get price Free trial