People pay good money to search engine optimization (SEO) firms to make it onto the first page of Google search results. The bigger the company, the more you pay, and some pay tens of thousands of dollars every month. The average user or small business owner, however, just has to do the best they can to game Google’s search algorithm. That algorithm is kept secret for good reasons, but some scammers have figured out ways to turn it to their advantage: they get their scam sites listed on the first page of Google search results, where most people assume only legitimate sites appear, and use that placement to attract victims.
But how do they do this? To explain the tactic, it is first necessary to understand something called an ‘open redirect’. An open redirect is a flaw in a legitimate website: one of its pages forwards visitors to whatever address is supplied in a URL parameter, without checking that the address belongs to the site. A link to such a page therefore begins with a trusted, often well-known domain, while its real destination is whatever the attacker put in the parameter.
I’m not going to go into much technical detail here but will use an example to demonstrate how tricky this technique can be. So, imagine you get a phishing email. It may look legitimate. It may even appear to come from someone you know and have a subject line commonly connected to that person. And then it may contain a link to a page the sender wants you to visit. Maybe they mention a chance to win a free iPhone. Being a tech-savvy person, you check the link and see something like this.
So, this looks like it leads to a legitimate domain, google.com, right? And if you click on the link, sure enough, it seems to go to the Chrome Web Store. In fact it does go there, as you can see in the image below. At this point you may simply think you’ve hit the jackpot: you really might be able to win a free iPhone. However, there is one more step. You have to go to the company website to get your phone, and there are several ways offered to get there. One is the site listed under the title, another is a bit.ly link, and the third is the website listed on the right of the page.
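As an added illustration (not code from the original post), here is what an open redirect looks like on the server side, with a hardened version beside it. The site www.example.com, its /login?next= parameter and the giveaway.example.test destination are all hypothetical; the point is the checks, which cover the usual ways a naive fix gets bypassed: protocol-relative //evil.com links, javascript: schemes, userinfo tricks like www.example.com@evil.com, look-alike subdomains, and the backslash trick that browsers normalise into a double slash.

```python
from urllib.parse import quote, unquote, urljoin, urlparse

# Hypothetical site and parameter names, used only for illustration.
SITE_ORIGIN = "https://www.example.com"
ALLOWED_HOSTS = {"example.com", "www.example.com"}


def vulnerable_redirect_target(next_param):
    """Open redirect: whatever arrives in ?next= becomes the Location header, unchecked."""
    return next_param


def safe_redirect_target(next_param):
    """Hardened version: redirect only to our own site, otherwise fall back to "/"."""
    # Browsers rewrite "/\evil.com" to "//evil.com"; Python's parser does not,
    # so reject backslashes before parsing anything.
    if "\\" in next_param:
        return "/"
    # Resolve against our own origin: "/account" stays on-site, while "//evil.com/x"
    # becomes https://evil.com/x and is caught by the host check below.
    resolved = urljoin(SITE_ORIGIN, next_param)
    parts = urlparse(resolved)
    if parts.scheme not in ("http", "https"):   # rejects javascript:, data:, etc.
        return "/"
    # .hostname strips userinfo and port, so "https://www.example.com@evil.com/"
    # yields "evil.com", and "www.example.com.evil.com" is simply not allowlisted.
    if parts.hostname not in ALLOWED_HOSTS:
        return "/"
    return resolved


def build_lure(scam_url):
    """What the scammer mails out: a link that starts with the trusted domain."""
    return f"{SITE_ORIGIN}/login?next={quote(scam_url, safe='')}"


if __name__ == "__main__":
    lure = build_lure("https://giveaway.example.test/free-iphone")   # constructed destination
    next_value = unquote(lure.split("next=", 1)[1])                   # what the server receives
    print("lure:      ", lure)
    print("vulnerable:", vulnerable_redirect_target(next_value))      # off to the scam page
    print("hardened:  ", safe_redirect_target(next_value))            # stays at "/"
```

The vulnerable function is exactly the behaviour the scammers rely on: whatever follows next= becomes the redirect target, so the link starts with a trusted domain and ends wherever they like. The hardened version resolves the parameter against the site's own origin and accepts only http(s) URLs whose host is on an allowlist; safer still is to never accept a full URL in the parameter at all, only a path.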
I don’t know what kind of Chrome browser extension is offered here in the Chrome Web Store because I don’t use Chrome, but it probably offers popups and other adware that will try to get your personal information. In any event, clicking on the address under the title will take you here.
Here, the English alone should make you suspicious, but maybe you don’t look too closely. This page also appears to be linked to a chat site where the discussion has nothing to do with the free phone. You can put almost anything that looks like an email address and a shipping address into the form shown above. You will then see some sort of fake verification going on and be told you must prove you’re not a bot. You must also choose another free offer, so I chose to get a free PlayStation 5. Why not? But then you have to register, which requires you to give more and more personal information. And on and on it goes. It’s just a matter of time before you realize you’ve given up enough personal information and you’re not going to get a free phone.
Now, how is such a redirect used with Google Search? How does a scammer get Google to list this scam page on the first page of search results? Well, this is Google’s own fault. To track and monetize clicks on its results, Google does not link to the destination site directly; it routes the click through a redirect page on google.com that carries the real destination as a parameter and then forwards you there. When you click such a link in the search results, you will briefly see a message like the one below, showing the redirect from the Google page.
This is different from the Chrome Web Store scam. That scam doesn’t need a redirect because it really does lead to the Chrome Web Store, a legitimate Google site; it just uses the store to offer an adware extension and to link to the scam sites. In other words, the store page has built-in credibility. The scam sites that this Chrome Web Store page leads victims to can, however, independently use SEO tricks on their own pages to reach the first page of Google search results. So there are now two paths that lure victims in: Google Search to Chrome Web Store to scam page, and Google Search to scam page.
Once these scammers have a link that begins with google.com (either from the Google Search results page or from the Web Store), they can send it over any social media channel. Instagram and Skype users may see a lot of these, and many have become victims. Some scammers have started using a few additional tricks. One of them won’t let you get your free iPhone unless you give them your real phone number, because they send you an SMS code that you need in order to continue being scammed. They then use the first three digits of your phone number to guess your mobile carrier and show you a scam page that looks like something from that carrier’s website.
The best way to see these scams in action is to type “free iphone” or “iphone giveaway” into Google search. Here’s how the scam website looks on the first page of Google’s search results.
Notice how you can’t see the entire URL and that the title emphasizes its Google connection. Here, in fact, is the complete link.
Now, such a long link may make some people suspicious. However, if you paste this link into a Word document, Word turns it into a hyperlink whose visible text is the following. (I’ve removed the link.)
FREE IPHONE GIVEAWAY (google.com)
Copying and pasting this into a phishing email is far more effective, since the recipient sees only the text and the google.com label. Notice again how the scammers make it seem as if Google is giving away a free iPhone.
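The “complete link” above hides its destination the same way the google.com redirect does: the real target sits in a query parameter, percent-encoded, behind a trusted hostname. The following script (an added example, not from the original post) unwraps such links offline by pulling the destination out of the usual redirect parameters and repeating until none are left, so it also handles a google.com link that wraps another legitimate site’s redirect. The lure it dissects is constructed: giveaway.example.test and portal.example.org are placeholders, not sites from the post.

```python
from urllib.parse import parse_qs, quote, unquote, urlparse

# Query parameters that redirect endpoints commonly use to carry the destination;
# google.com/url uses "q" and "url".
REDIRECT_PARAMS = ("url", "q", "u", "redirect", "redirect_url", "redirect_uri",
                   "next", "dest", "destination", "target", "link", "goto")


def _next_hop(url):
    """Return the destination hidden in url's query string, or None if there is none."""
    parts = urlparse(url)
    query = parse_qs(parts.query)          # decodes percent-encoding once
    for name in REDIRECT_PARAMS:
        for raw in query.get(name, []):
            # Try the value as-is first, then decoded again in case it was double-encoded.
            for candidate in (raw, unquote(raw)):
                if candidate.startswith("//"):           # protocol-relative target
                    candidate = f"{parts.scheme}:{candidate}"
                target = urlparse(candidate)
                if target.scheme in ("http", "https") and target.hostname:
                    return candidate
    return None


def redirect_chain(url, max_hops=5):
    """Follow embedded redirects offline; stops at a dead end, a loop, or max_hops."""
    chain = [url]
    while len(chain) <= max_hops:
        hop = _next_hop(chain[-1])
        if hop is None or hop in chain:
            break
        chain.append(hop)
    return chain


def describe(url):
    """Compare the host a victim sees with the host they would actually land on."""
    chain = redirect_chain(url)
    displayed = urlparse(chain[0]).hostname
    final = urlparse(chain[-1]).hostname
    return {"displayed_host": displayed, "final_host": final,
            "hops": len(chain) - 1, "suspicious": displayed != final}


# Constructed lure (placeholder hosts, not sites from the post): a google.com/url link
# wrapping a second site's open redirect, which in turn points at the scam page.
SCAM_PAGE = "https://giveaway.example.test/free-iphone"
INNER = "https://portal.example.org/redirect?url=" + quote(SCAM_PAGE, safe="")
LURE = "https://www.google.com/url?sa=t&q=" + quote(INNER, safe="")

if __name__ == "__main__":
    for hop in redirect_chain(LURE):
        print(hop)
    print(describe(LURE))
    print(describe("https://www.google.com/search?q=free+iphone"))  # an ordinary search, no redirect
```

A shortener such as the bit.ly link mentioned earlier does not carry its destination in the URL, so it cannot be unwrapped this way; it needs an HTTP HEAD request to read the Location header, which this script deliberately does not make. The displayed_host/final_host mismatch is the signal to act on: a link whose visible host is google.com but whose final host is something else is exactly the pattern described above, while an ordinary search URL with q=free+iphone is left alone because its parameter is not a URL.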
And it’s not only google.com that they use to make the scam look valid. Here is a list of other legitimate sites whose links will lead you to the same scam page.
In fact, the first page of these search results contained only scam sites. These scam sites come and go every day and are impossible to stop completely, which means you are bound to encounter them in your internet travels. They can look very convincing. The good news is that if you’ve seen one, you’ve seen them all. If you have any doubts, try typing fake information into the forms and see what happens. But it’s best to keep in mind that you should be suspicious of anything offered to you for free. It may be offered, but you’ll never get it. What you will get is more spam and worse. You could lose control of your email or social media accounts. Your identity could be stolen and used to buy products that you will pay for. And, ironically, you may lose control of your own phone, as the attackers could control it remotely. In other words, someone will get a free phone, but it won’t be you.