
We have a substitution: how scammers deceive Russians with the help of "search poisoning"

Fraudsters are deceiving Russians online with the help of so-called search poisoning, experts have warned. Knowing the specifics of website ranking (sorting) algorithms, hackers deliberately distort Internet search results, luring potential victims to phishing resources and spreading viruses. For more information about how scammers use "search poisoning", how dangerous this technique is and how to protect yourself from it, read the Izvestia article.
What is the essence of the "search poisoning" technique?
Many people mistakenly believe that absolutely all sites located at the top of the Internet search results can be fully trusted. However, this is not always the case, says Kaspersky GReAT expert Georgy Kucherin in an interview with Izvestia. Attackers can use the "search poisoning" technique to place illegitimate websites they create on the first pages of search results.
"By understanding how website ranking algorithms work, attackers manipulate the contents of their online resources in such a way that they occupy high positions in search results," says the specialist.
Accordingly, when users access a search engine to find information they are interested in, a malicious link appears among the first results. Clicking on it can lead to undesirable consequences: device infection, data leakage, and others. The cyber attacks that use this scheme target both ordinary users and employees of organizations, notes Georgy Kucherin.
A phishing site that reaches the first page of search results through fraudulent manipulation may be indistinguishable from a legitimate resource, but in fact it will contain links to phishing pages, malicious software and other dangerous objects, adds Oleg Skulkin, head of BI.ZONE Threat Intelligence. In addition, attackers can use so-called malvertising: the purchase of advertising to display phishing pages in high positions in search engines.
How scammers use "search poisoning" in Runet
"Search poisoning" is one of attackers' favorite techniques, and they use it in the Russian segment of the Internet as well, says Georgy Kucherin in an interview with Izvestia. Often, with the help of "search poisoning", attackers promote fraudulent sites where the user is asked to pay for a non-existent product or service.
"However, instead of the desired purchase, people lose money, and in some cases provide attackers with their bank card data, which is later used for illegitimate purposes," the expert emphasizes.
At the same time, attackers use "search poisoning" to spread malware (software created to steal information and for extortion). Cybersecurity experts regularly notice malicious links in search engine responses to requests related to downloading software, mainly foreign software, including Microsoft Office suites. After the departure of foreign companies, many Russian users are looking for such programs on third-party resources that supposedly allow them to download various popular software for free.
During one of the malware campaigns recorded by Kaspersky Lab experts, the attackers used "search poisoning" to promote their malicious sites and infect victims' devices with the SilentCryptoMiner miner, which uses the power of compromised computers to mine cryptocurrencies. In a similar way, attackers also distribute stealers, malware for stealing credentials, such as passwords from social media accounts or online banking.
"If we talk about cases when "search poisoning" is used to attack organizations, then in Runet for more than a decade, attackers have been promoting malicious websites with accounting document templates," notes Georgy Kucherin.
What is the danger of using "search poisoning" on the Web?
Today, the Watch Wolf group uses "search poisoning" with topics relevant to the accounting sector, says Oleg Skulkin. The attackers were engaged in SEO promotion of fake pages that mimic resources for downloading document templates.
"The victim downloaded a document that was allegedly in one of the popular formats (DOC or XLS), but in fact downloaded an archive, after opening which DarkWatchman software was installed on the computer," says the interlocutor of Izvestia. "It secretly collected information about the system, and then downloaded the Buhtrap remote access Trojan. Watch Wolf used it to withdraw funds from the company's accounts."
The main danger of such schemes lies in their mass scale and in users' trust in the top search results, says Vitaly Fomin, head of the information security analyst group at the Digital Economy League. Older people who are unaware of such digital threats are most often affected by "search poisoning". In addition, middle-aged people are often in a hurry to find information and, without hesitation, click on the most interesting headlines.
As a result, some of them remain on these resources, since malicious sites are difficult to distinguish from safe ones: there are practically no spelling errors, the topics are well covered, and the site itself inspires trust.
"Such schemes can be dangerous because attackers can implement any scenario: from stealing funds, personal data, to hacking the victim's device and intercepting SMS and push notifications," said Evgeny Egorov, a leading analyst at the Digital Risk Protection department at F6.
However, sometimes such fraudulent schemes are aimed at corporate employees, who may accidentally introduce malware into the company's network. According to SearchInform, 52% of industrial organizations face information leaks precisely because of the inattention of employees. The consequences can be serious: theft of personal data and money, infection of devices, as well as blackmail for the purpose of extortion for confidential information or access to files, emphasizes Vitaly Fomin.
How to protect yourself from fraudulent schemes with "search poisoning"
Protection from "search poisoning" requires joint actions on the part of both users and website owners, Anastasia Osipova, an analyst at the Positive Technologies research group, says in an interview with Izvestia. It is important for users not to trust the first links they see, especially if they seem suspicious.
"Check the website URL before entering confidential information, paying special attention to typos, encoded characters that usually begin with the "%" sign, and suspicious phrases that may include calls to action, phone numbers, or e-mail addresses," the expert advises.
It is best to visit the support service websites directly, using bookmarks or official links, rather than clicking on search results, adds Marina Probets, an Internet analyst and expert at Gazinformservice. You should be careful with requests for personal information or computer access.
If in doubt, it is better to contact the support service directly, using known contact details listed on the official website, or to consult with specialists. Regularly updating antivirus software and using strong passwords are also important precautions.
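The URL checks advised above (typos, "%"-encoded characters, phone numbers, e-mail addresses and calls to action) can be automated as a simple heuristic. The sketch below is an example added here, not code from Izvestia or the quoted experts; the trusted-domain list, the phrase list and the sample URLs are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: domains the user already trusts (constructed placeholders).
KNOWN_DOMAINS = {"example-bank.ru", "example.com"}

PERCENT_RE = re.compile(r"%[0-9A-Fa-f]{2}")
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{8,}\d")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
CTA_RE = re.compile(r"\b(call|phone|contact us|hotline)\b", re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url):
    """Return warning flags for one URL. Flags are hints, not a verdict:
    percent-encoding, for instance, is also normal in non-Latin queries."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    flags = []
    trusted = any(host == d or host.endswith("." + d) for d in KNOWN_DOMAINS)
    if not trusted:
        for known in sorted(KNOWN_DOMAINS):
            if edit_distance(host, known) <= 2:  # near miss of a trusted name
                flags.append("lookalike-domain:" + known)
    raw = f"{parts.path}?{parts.query}#{parts.fragment}"
    if PERCENT_RE.search(raw):
        flags.append("percent-encoded")
    decoded = unquote(raw)  # decode so text hidden behind %XX becomes visible
    for name, rx in (("phone-number", PHONE_RE), ("email-address", EMAIL_RE),
                     ("call-to-action", CTA_RE)):
        if rx.search(decoded):
            flags.append(name)
    return flags

# Constructed sample URLs, not taken from any real campaign.
SAMPLES = [
    "https://example-bank.ru/login",
    "https://examp1e-bank.ru/login",
    "https://example-bank.ru/search?q=Call%20support%20%2B7%20495%20000-00-00",
    "https://example.com/help?msg=write%20to%20help%40mail.example",
]
if __name__ == "__main__":
    for u in SAMPLES:
        print(check_url(u) or ["no flags"], u)
```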
As for companies, the contracts they conclude with their contractors contain the contact details of technical support services and phone numbers where you can contact their employees 24/7 or 8/5, depending on the prescribed obligations of the parties. However, such information is not always reflected on the public websites of companies.
"Therefore, in emergency situations, I recommend that you do not search for technical support coordinates on the Internet, but write them in advance in an emergency plan and have them on hand in case of unforeseen circumstances," concludes Nikita Novikov, an expert on cybersecurity at Angara Security.
Translated by the Yandex Translate service