Cybercriminals use web positioning techniques to appear in search results and capture victims.
Cybercriminals use the Black Hat SEO technique to strategically position their scams in search results. It is that when you go to Google to search for a specific topic, the malicious sites are the first thing that appears in the list of results.
The scam that is currently hovering is a page that appears in the top search results that invites you to fill out a survey to supposedly win a smartphone. Eset Latin America, cybersecurity company, has warned about this campaign that works when cybercriminals take advantage of the prominent Google fragments to spread their campaign.
The technique that the cybercriminals have to position the scam is to use domains that, although they have expired, maintain their old SEO authority because they have been frequently referenced by important sites also with SEO authority. These domains create a private blog networks (PBN) that are the key to subsequently achieve manipulation in the search results.
There are also cases in which cybercriminals pay in Google Adwords for malicious and fraudulent ads to appear as ads, reports Denise Giusto, an IT security specialist at ESET.
The scam works when you search for something in Google, it presents a prominent fragment that will address the fraudulent site. When the victim clicks, several forms are submitted to obtain the prize. Form filling is done and the person is redirected to a new site, which can even be shown as secure, where more personal information is requested.
The last step is the purchase of the smartphone for a dollar, and it is the moment of the scam where the cybercriminals request the data of the credit card of the victim.
The recommendations to avoid becoming victims of cyber attacks are not to respond to emails or announcements of doubtful origin about contests, prizes, or requirements to participate in any activity. It is recommended to use the private browsing function whenever it is required, as well as to avoid sharing private and sensitive information in any public access site such as social networks or the type of pages described above.
On the other hand, experts also recommend accessing websites where bank transactions are carried out by writing the UTL directly in the address bar, not from the search result.
If you can identify these scams in Google’s featured ads or any other search engine, you can comment on it, highlight it, and alert other people not to become victims of cyber-crime. It is important to report if the content is incorrect or misleading.