SE-ishing
Once again I am grudgingly admiring the ingenuity of the bad guys. If it is not one thing, it is another. Just when I think people are on the lookout for phishing and spear phishing, here comes search engine phishing. Security researcher Jim Stickley details how it's done in this article about a recent report he wrote.
What the bad guys do is make fake sites that purport to be legitimate sites from well-known institutions. By manipulating keywords and using other search engine optimization techniques, they make the fake sites rise in searches to be the top choices. So, for instance, if someone searches for First City Bank of Boca Raton, then Google, Yahoo, Bing or whichever will actually show the fake site, perhaps even before the real site. An unsuspecting web surfer, not suspecting that Google would be serving up scams, goes to the site, enters their info and downloads a trojan, and the rest is history. How frigging sneaky!
So just because a site comes up high in a search does not mean it is not dirty and a scam. Like everything else you see on the Internet, a healthy dose of caution and common sense is required. But can you imagine how many senior citizens or kids would go to a fake look-alike site that comes up high in a search engine and enter their info without thinking twice?
To be fair, according to the article, Google was much less susceptible to this kind of scam than some of the other search engines. But none of them are immune.