TechRepublic.com reported earlier this week on new research showing a recent increase in Search Engine Optimization (SEO) poisoning. SEO poisoning attacks are targeted to advertising links, like paid Google Ad links, that are advertised or posted at the top of the first search results page and then actually lead to compromised sites that are scam sites or infect visitors with malware.
The article discusses an example where scammers registered a fake domain name/website (www.blender-s.org) and then paid to have it appear at the top of the search results for Google. The target was apparently attractive because the attackers believed there would not be brand monitoring in place to shut down the scam:
A user who doesn’t read the URL closely or is unsure of the exact URL of the software might click on any of those attacker-controlled domains, which could result in a compromise. The malicious top result blender-s.org is a near exact copy of the legitimate website from Blender, yet the download link does not lead to a download on blender.org but to a DropBox URL delivering a blender.zip file.
The second malicious website at blenders.org is similar: It shows a near perfect copy of the legitimate Blender website, yet the download link leads to another DropBox URL, also delivering a blender.zip file.
The scam here, using fake domains and Google Ads, is low-tech but effective because consumers often assume that the first results that show up on the first page at the top of Google are legitimate. And for good reason, as 89% of all search traffic comes from the first page of results. Thus, a Google Ad stamp on a link can be seen as a seal of approval or legitimacy.
Targeting smaller companies or organizations for an SEO Poisoning scam is not a new deviation – that is, SMBs are a huge target for scammers. There are 32.5 million SMBs in the United States, and these companies make up the overwhelming majority of businesses. Software like DomainSkate’s is affordable, easy to use, and can level the playing field for any business and brand that cares about its reputation and bottom line.
