Google Alerts accidentally circulating malware among users

(Image credit: Andriano.cz / Shutterstock)

Fraudsters are using black SEO, Google Sites and spam pages to push fake data breach notifications impersonating big name companies in an effort to distribute malware and scams.

As reported by BleepingComputer, Google Alerts help to spread these fake notifications as the service monitors search results looking for user-defined keywords. To spread their malware, the scammers either created pages or used compromised websites to combine the term data breach with well-known brands.

The news outlet has seen fake breach notifications for many companies including EA, Dropbox, Hulu, PayPal, Target, Mjoang and more. However, what ties all of these companies together is the fact that they have all fallen victim to a data breach in the past.

If a user clicks on any of the links picked up by Google Alerts, they end up going to pages with fake giveaways, download offers for unwanted extensions and malware. The fraudsters have made it harder to detect their malicious behavior though by making it so that these pages don't directly reveal the true nature of their campaign. Instead, users may see a “page not found” error or a text-filled page created to promote a fake data breach.

Ranking higher in search results

BleepingComputer also discovered a hacked website containing a directory with around 2,000 text files which contain specific keywords in order to promote a topic in Google's search results. The information inside these blobs of text was copied from public sources and covers a wide variety of subjects. When a user searchers for a certain topic online, the scammer's results rank higher in search results and are more likely to be clicked on.

In addition to using compromised websites, the scammers may also set up their own pages and in many cases they used a free tool from Google called Google Sites to do so. When a user clicks on a Google link for one of these fake pages, the link actually redirects them through multiple addresses before the final site is reached.

The scammers also used fake Adobe Flash update notifications to spread their malware. These fake alerts popped up in both Google Chrome and in Mozilla Firefox. Fake giveaways were also used by the scammers to lure potential victims.

To prevent falling victim to these scams, users should remain alert online, especially when clicking on links in search results, and remember that if something seems too good to be true, it probably is.

Via BleepingComputer

TOPICS
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.