Windows 10 News and info | Forum
February 27, 2020, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Beware of Google Alert Links Leading to Malware and Scams  (Read 112 times)
Hero Member
Online Online

Gender: Male
United States United States

Posts: 31098

I Do Windows

WWW Email
« on: September 24, 2019, 01:21:46 PM »

Google Alerts is s useful service that allows you to receive emails or an updated RSS feed when new pages appear in the Google search index that is related to specified keywords you are following. Unfortunately, whenever there is a good thing, people try to take advantage of them to push users towards scams and malware.

For those not familiar with this service, Google Alerts allows you to submit keywords that you wish to monitor. When new pages are found that match these keywords, depending on how you create the alert, Google will either send you an email or update an RSS feed.

I have been using Google Alerts for many years in order to track various malware and security topics. Over the past year, if not longer, I have noticed a trend where bad actors are injecting malicious sites into the Google search index in order to have them also appear in Google Alerts being sent to users.

When a user clicks on one of these alerts, they will then be sent to a page that then redirects them through a series of other pages until they finally land at a fake giveaway page, tech support scam, unwanted extension, or malware installers.

The anatomy of Google Alert spam

To get malicious links into Google Alerts, bad actors will create spam pages with popular keywords and get them into the Google search index.

For example, as we publish a lot of ransomware news, I have a Google Alert set up for Ransomware. Knowing that users are desperate for decryptors, the bad actors create fake spam pages containing blobs of text containing keywords related to a particular decryptor that may be affecting a lot of users at the time.

You can see one of these spammy pages below that pretends to discuss a Kaspersky decryptor for the STOP DJvu Ransomware. This page is what is shown to users when they directly navigate to the page's URL.

Spam page created to promote a decryptor

When the bad actors create these pages and get them into the Google index, an alert will be generated for anyone who wants to be notified about ransomware, decryptors, or the STOP ransomware.

Google Alerts for ransomware decryptors

When a user clicks on a link through a Google Alert or via the Google search engine, instead of showing the web page shown earlier in the article, they will be redirected to a malicious site like the tech support scam shown below.

Redirected to a Tech Support Scam

This is not to say that scammers are only designing pages around tech-related keywords.

BleepingComputer has also seen this same technique being used for other subjects such as televisions, clothes, movies, and more.  These subjects are typically for holiday shopping, coupons, ways to watch movies for free, or other types of content that users may be enticed to click on.

Shopping Google Alerts

In the example above, all of the highlighted results are scam redirects.

Protecting yourself from Google Alert spam

The best way to protect yourself from these types of low quality and malicious sites is to specify you only want the "best results" when creating the alert.

This can be configured under the alert options at the top of the Google Alerts page.

Select only the best results option

While selecting this option will remove a lot of newly registered sites and ones without good authority and reputation, it may also remove legitimate sites that could provide good information.


Pages: [1]
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page September 26, 2019, 02:28:46 AM