How SEO Poisoning Can Threaten Your Business

March 26, 2024 / meritsolutions

When you want to look something up on the internet, you turn to a search engine, like Google or Bing. However, not all links are relevant, or even legitimate. Bad actors are devising ways to trick you into clicking on search results that lead to malicious websites, whether to obtain your information or install malware on your machine. They achieve this through something known as SEO poisoning.

What is SEO poisoning?

SEO poisoning is the act of intentionally manipulating search results to trick searchers into visiting the attacker’s website. Typically, legitimate websites employ SEO (search engine optimization) tactics to appear as close to the top of a search results page as possible, which helps attract searchers looking for that relevant content.

However, SEO poisoning abuses those tactics to float malicious sites to the top of search, even when those websites have nothing to do with the search in question.

How does SEO poisoning work?

There are multiple tactics bad actors can use to carry out SEO poisoning. The first is a sort of impersonation: Bad actors will design their website’s URL to look as close to the legitimate one as possible without arousing suspicion. Sometimes, they use Google’s ad service to push the result to the top: Users will see a familiar URL at the top of the search results, and potentially click without thinking twice.

Another tactic is to spam the malicious site with keywords: Keywords are common search terms that websites add to their pages to appear during a search. If a bad actor strategically adds a host of search terms to their malicious site, they may trick the search engine into floating their page to the top.

However bad actors use SEO poisoning to get their sites to appear at the top of search, the end result is bad news: These sites often trick users into giving up sensitive data, such as login credentials, or download malware to the user’s machine. The latter is particularly common with fake sites for software that users are searching for: Once a download starts, the user may think it’s the software they’re after, when in actuality it’s malicious software that can compromise their business’s network.

How to keep your business data safe from SEO poisoning

To prevent these malicious sites from scraping your work credentials or running malware on your business’ network, be extra careful whenever clicking links on your search engine. It doesn’t matter which search engine you use: Always check before clicking a link to make sure it’s really the site you want to go to.

Read through the URL preview to ensure it makes sense for the site you’re searching for; double-check whether the link is for a real website, or if it’s just an ad. (These aren’t always malicious, but it’s never worth clicking on ads when the real links appear below them.)
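The URL check described above can also be automated, for example in a web proxy or a browser helper. The following Python sketch is an added example, not code from the original article: it compares a search-result URL against a list of domains you actually trust and flags near-matches. The domain `acmetools.example` and all sample URLs are constructed placeholders.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist: the domains your business really downloads software from.
TRUSTED = {"acmetools.example"}

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, trusted=TRUSTED, max_typos=2):
    """Return 'trusted', 'lookalike' or 'unknown' for a search-result URL."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return "unknown"
    if not host:
        return "unknown"
    # Trusted only on an exact match or a true subdomain (note the leading dot).
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # Strip accents so an accented copy of the name compares like the real one.
    skel = unicodedata.normalize("NFKD", host).encode("ascii", "ignore").decode()
    # Approximate the registrable domain as the last two labels
    # (an assumption; a production check would use a public-suffix list).
    registrable = ".".join(skel.split(".")[-2:])
    for d in trusted:
        brand = d.split(".")[0]
        if brand in skel:  # brand name embedded in some other domain
            return "lookalike"
        if edit_distance(registrable, d) <= max_typos:  # one or two characters off
            return "lookalike"
    return "unknown"
```

A result of `unknown` only means the host does not resemble anything on the allowlist; it says nothing about whether the site is safe.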
