Cyber Criminals Are Using SEO to Boost Downloads of Malicious PDFs
Phishing emails work well for cybercriminals. But now they’re kicking it up a notch. They’ve started using Search Engine Optimization (SEO) methods and popular SEO tools to improve the rankings of their phishing websites to get more website clicks. And that works well for them, particularly in attacking the gaming community.
According to TechRadar, a security service provider recently reported a massive increase in downloads of malicious PDF files, with figures rising 450% in the last 12 months. They interpret this upward trend as partly the result of criminals using SEO tools to make their malicious websites perform better in search engine results.
Additionally, security researchers have highlighted that criminals increasingly use so-called “black hat SEO” to leapfrog other websites in search engine results. They’ve noted that unscrupulous SEO specialists sell complete web development packages for phishing sites on the Dark Web.
Phishing has expanded beyond traditional channels.
Phishing involves getting victims to click on links that download malware or take them to compromised websites where criminals steal their login credentials or other sensitive information. Criminals have always used email, social media channels, and text messages to dupe victims. It’s almost fortunate that phishing has become so prevalent that most people can spot the most prominent examples of phishing attacks in their inboxes.
But now, criminals are starting to manipulate search engine results to outrank other sites and get more direct internet clicks. Their efforts have been very successful, especially among gamers who keep looking for new challenges or (ahem) new ways to get better at their game.
SEO cheating pushes phishing sites to the top of search engine results, where people tend to click on interesting-looking links blindly. SEO cheating has become so successful that less-than-honest SEO specialists can now sell their services to phishing site operators on dark web hacking forums for increasing sums of money.
Criminals are free to use reputable SEO tools.
SEO is primarily a process of box-ticking to optimize websites for search engines. Google provides web admins with a free SEO tool, and several highly reputable companies offer premium SEO tools to marketers and web admins alike.
Search engines can better index and track the website content if the user takes all the correct steps on a rather long checklist. The content must be the right length, include a prescribed number of keywords and alternative keywords, and use the proper HTML headings. There should be both inbound and outbound links, and the images must be named and described according to a formula. Beyond metadata, other factors such as content-to-ad ratio, page speed, and cumulative layout shift are important.
If you can tick all the boxes on the SEO tool’s checklist, your website will appear higher on search results pages. Since criminals have the same aims as any other business, it follows that they would find SEO tools a very handy tool.
Criminals have nothing to lose by using Black Hat SEO
There are “good” and “bad” ways to get a website to the top of the search engine rankings. Over the years, Google, Bing, Microsoft, and other search authorities have tamed the WildWest surroundings with complex rules and best practice guidelines to ensure the best user experience.
If you use practices like stuffing keywords, redirecting links from other sites, and exploiting paid links, search engines will gently move (or sometimes abruptly shove) the site far down the ranks. In addition, search engines may block or remove the site from search engine data if the infringement is egregious.
That’s why reputable websites won’t touch black Hat SEO practices. In the long run, Google will discover it and penalize the site.
Criminals are using the rules to beat Google at its own game.
But malicious operators’ edge is that they don’t care about the long-term viability of their site. All they want is to get as many clicks as possible before Google catches up to them and makes them disappear.
Black hat SEO practitioners deliberately break the rules set by Google and Microsoft to game the system and get phishing pages listed higher.
Urgent need for digital protection tools
People may not like Google but have learned to trust search results. They don’t expect to find malicious sites at the top of the search results and are likely to click prominent links. Unfortunately, phishing sites don’t always care about longevity; they want high levels of short-term traffic. As a result, phishing sites have become far more effective at luring users to their pages and harvesting credentials and login information.
It can be impossible to tell a benign site from a malicious site. The best way to defend against SEO-optimized phishing attacks is to use a link scanner that decrypts and scans web traffic for malicious content. Gamers should use a gaming VPN with added URL protection. Some VPN providers can even block access to malicious websites before they have a chance to trick you into infecting your device.