Home / Malware / Beware of Google Alert Links Leading to Malware and Scams – BleepingComputer

Beware of Google Alert Links Leading to Malware and Scams – BleepingComputer


Google Alerts is s useful service that allows you to receive emails or an updated RSS feed when new pages appear in the Google search index that are related to specified keywords you are following. Unfortunately, whenever there is a good thing, people try to take advantage of them to push users towards scams and malware.

For those not familiar with this service, Google Alerts allows you to submit keywords that you wish to monitor. When new pages are found that match these keywords, depending on how you create the alert, Google will either send you an email or update an RSS feed.

I have been using Google Alerts for many years in order to track various malware and security topics. Over the past year, if not longer, I have noticed a trend where bad actors are injecting malicious sites into the Google search index in order to have them also appear in Google Alerts being sent to users.

When a user clicks on one of these alerts, they will then be sent to a page that then redirects them through a series of other pages until they finally land at a fake giveaway page, tech support scam, unwanted extension, or malware installers.

The anatomy of Google Alert spam

To get malicious links into Google Alerts, bad actors will create spam pages with popular keywords and get them into the Google search index.

For example, as we publish a lot of ransomware news, I have a Google Alert setup for Ransomware. Knowing that users are desperate for decryptors, the bad actors create fake spam pages containing blobs of text containing keywords related to a particular decryptor that may be affecting a lot of users at the time.

You can see one of these spammy pages below that pretends to discuss a Kaspersky decryptor for the STOP DJvu Ransomware. This page is what is shown to users when they directly navigate to the page’s URL.

Spam page created to promote a decryptor
Spam page created to promote a decryptor

When the bad actors create these pages and get them into the Google index, an alert will be generated for anyone who wants to be notified about ransomware, decryptors, or the STOP ransomware.

Google Alerts for ransomware decryptors
Google Alerts for ransomware decryptors

When a user clicks on a link through a Google Alert or via the Google search engine, instead of showing the web page shown earlier in the article, they will be redirected to a malicious site like the tech support scam shown below.

Redirected to a Tech Support Scam
Redirected to a Tech Support Scam

This is not to say that scammers are only designing pages around tech related keywords. 

BleepingComputer has also seen this same technique being used for other subjects such as televisions, clothes, movies, and more.  These subjects are typically for holiday shopping, coupons, ways to watch movies for free, or other types of content that users may be enticed to click on.

Shopping Google Alerts
Shopping Google Alerts

In the example above, all of the highlighted results are scam redirects.

Protecting yourself from Google Alert spam

The best way to protect yourself from these types of low quality and malicious sites, is to specify you only want the “best results” when creating the alert.

This can be configured under the alert options at the top of the Google Alerts page.

Select only the best results option
Select only the best results option

While selecting this option will remove a lot of newly registered sites and ones without good authority and reputation, it may aso remove legitimate sites that could provide good information.

Source link

Check Also

Android.Xiny.5260 Detection: Smartphone users should identify and delete these malware apps ASAP – International Business Times, Singapore Edition

In Google search, ‘how to update android’ is one of the top search questions as …

Leave a Reply

Your email address will not be published. Required fields are marked *