The problem is that a lot of links come from search engine result pages, and people trust search engines more than other legitimate online resources. A lot of illegitimate websites are often indexed in leading search engines without much thought.
With the summer season at its peak, everyone would surely love to relax with either the air conditioner by their side, or by the pool with ice tea, juice, or another cool beverage. They’d also love to go out and watch their favorite movie or watch it at home.
Whatever people wish to do, it might occur to them that they need to keep an eye on their electricity bill. Most people do not remember the URL for their electricity bill. Hence they should type their name into the search bar and search for the right website.
They need to catch an SEO phishing scam right in its tracks, or it will catch them.
SEO phishing, illegitimate sites, and their partnership with search engines – unreal or not?
No one would like to talk about the dept of search engine optimization (SEO) at the moment. Yet we will have an understanding of the way it works.
Search engine optimization (SEO) in short is a form of digital marketing. It basically helps website owners market their sites using keywords and phrases which attract the attention of search engines for certain topics. The search engine will suggest those sites if and only if they are a good match for the keywords or topics searched by users.
However, the problem is that most search engines do not regularly go through each website to ensure they are real, legitimate, and authentic.
What happened in the ending days of June?
In late June, scammers made a fake website that cleverly copied the look and feel of a legitimate electricity generation company. They manipulated the site’s SEO and used other sophisticated techniques as well. The fake site was also promoted near the top of the search results list right next to the legitimate site of the utility company.
Any person who searched for the utility company can see the front-page result, and could potentially click on the illegitimate link.
The fake site warned visitors of impending service interruptions, directed them to call a customer service helpline for information (a fake one), and even promised them discounts on their utility bills for paying them via telephone.
All of this seemed too good to be true. Unsuspecting users called the numbers and found out the cybercriminals were involved. Their representatives took credit card information of some, and some of those crooks were caught red-handed.
What are the best practices for users and companies alike to defend themselves against fake sites, deceptive links, and of course, SEO phishing?
Spoofing is part of such a kind of phishing. It is part of a wider category of online scams where bad actors want unsuspecting users to click on a link leading them to their deception. Defending oneself against fake links in emails and online search terms needs a combination of technological protection, vigilance, and a good amount of skepticism of the online world.
Experts from a well-known DDoS protection service based in North York have decided to share with us tactics that are helpful:
Think about the whole thing twice
Using a good amount of skepticism of the right kind, it is always wise to think twice about clicking on a link someone sends in either an email, a text, or an instant message.
Going directly to the website
If users get an email from their utility service provider, bank, or an online store, it takes no time to open a browser tab and send them to that site. In the case of legitimate emails, the same information should be seen on the company’s site.
The URL should be checked first
Those who are using either a desktop computer or a laptop should always check for the URL by hovering the mouse arrow over the HTML link to see it. This practice helps them whether or not the website is real.
Heeding the warning signs
Users must take note whenever their browse warns them about a link. A lot of browsers have features alerting users of suspicious and spam links, and of those sites which are literally dangerous. Such features should be enabled at all times (Though modern browsers have them enabled). Such updates often contain patches which often eliminate such security vulnerabilities.
