In today’s digitally-enabled and digitally-focused world, we have become voracious consumers of online content, scrolling through never-ending digital feeds that are perfectly curated to maintain our interest. The pace of technological advancement has also created a culture of instant gratification, with internet users expecting instant response times, rapid results to our web-based queries and information that is gathered per our requests in the blink of an eye.
When searching for information on a particular topic or in a specific field, the immediate go-to is usually a top search engine like Google or Bing. Once the search results have loaded, the typical user generally clicks on the first few links, assuming that these are the most relevant sources. Herein lies the problem: how can we be confident that the results of our search are trusted, accurate and appropriately ranked according to relevance? More importantly, can the results be manipulated? The answer to the latter, unfortunately, is a resounding YES.
SEO (Search Engine Optimization) has been around since the early days of the internet, and is still very much in use today. SEO is the process of increasing a website’s organic traffic and visibility by improving its ranking on search engines when people search for information, products or services. The higher the page is ranked within search results, the more “clicks” that link is likely to get, and as a result, the more prospective and existing customers it attracts to the business.
Anyone can manipulate the SEO process by utilizing certain keywords and hyperlinks in online content. With these tactics, as well as several other methods, users can artificially climb their way to the top of the list, and secure a higher ranking for their business in search results. While this is a common practice, employed ethically by benign users simply trying to gain better visibility for their growing business through approved optimization methods (White Hat SEO), unfortunately, cybercriminal threat actors also manipulate search engine algorithms for malicious purposes. This abuse of the search engine results page (SERP) for malicious means is known as “Black Hat SEO,” involving the use of disapproved and exploitative techniques to corrupt the search results - usually at the expense of another, legitimate site.
Black Hat SEO involves a set of practices that directly violate the search engine’s terms of service, manipulating the algorithm to doctor website ranking performance. These tactics are highly exploitative and deceptive, and when they are detected, generally result in heavy penalties, downgraded website rankings, and in some cases, delisting of the website in question from the search engine entirely.
Black Hat SEO tactics are commonly used to boost the ranking of fraudulent phishing sites, helping these scam pages rank higher than the legitimate site they seek to impersonate. Naturally, new phishing sites are swiftly detected by anti-virus and other scanners, and only last for a few days online before they are removed. However, though these sites may not stay up for long, by using Black Hat SEO tactics, threat actors can significantly bump their site’s position in search engines, baiting as many victims as they can in this short period of time to click on the malicious link, exposing their sensitive data, login credentials, and personally identifiable information to theft.
To evade detection and removal by the search engine crawlers, cybercriminals employ a range of Black Hat SEO tactics to extend the shelf-life of their fake sites. One of the most popular methods in this regard is cloaking, a “bait-and-switch” that displays different content to users and search engines. Another tactic is a redirect, sending users to a different URL than the one they initially clicked on. Some cybercriminals have even moved to take advantage of search engines’ scrupulous anti-hacking measures, simulating a “this site may be compromised” alert when users click to visit a legitimate site, with a redirect link leading to the actual phishing page. If you can’t beat ‘em, join ‘em.
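Cloaking and conditional redirects can be checked from the defender's side by requesting the same URL as a crawler and as a browser and comparing what comes back. The following is an added example, not code from the original article; the `fetch` callable, the similarity threshold, the User-Agent strings and the sample responses are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# User-Agent strings a monitoring job would send (values are illustrative).
CRAWLER_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
BROWSER_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/120.0 Safari/537.36"
PASSWORD_FIELD = re.compile(r"(?i)<input[^>]*type=[\"']?password")

def visible_text(html):
    """Strip scripts, styles and tags so only the rendered words are compared."""
    html = re.sub(r"(?is)<(script|style)\b.*?</\1>", " ", html)
    return " ".join(re.sub(r"(?s)<[^>]+>", " ", html).lower().split())

def cloaking_findings(fetch, url, min_similarity=0.6):
    """fetch(url, user_agent) -> (final_url, html); hypothetical callable supplied by the caller."""
    bot_url, bot_html = fetch(url, CRAWLER_UA)
    usr_url, usr_html = fetch(url, BROWSER_UA)
    findings = []
    # A redirect applied only to browsers shows up as a different final host.
    if urlsplit(bot_url).hostname != urlsplit(usr_url).hostname:
        findings.append("redirect-differs")
    ratio = SequenceMatcher(None, visible_text(bot_html), visible_text(usr_html), autojunk=False).ratio()
    if ratio < min_similarity:
        findings.append("content-differs")
    # A credential form hidden from the crawler is a strong phishing signal.
    if PASSWORD_FIELD.search(usr_html) and not PASSWORD_FIELD.search(bot_html):
        findings.append("password-form-browser-only")
    return findings

# Constructed responses standing in for live HTTP fetches (reserved example domains).
SAMPLE = {
    "https://reviews.example.com/": {
        "bot": ("https://reviews.example.com/", "<h1>Savings account reviews</h1><p>Independent comparison of mortgage rates and branch opening hours.</p>"),
        "usr": ("https://login.example.net/verify", "<script>track()</script><h1>Sign in to continue</h1><form><input type='password' name='p'></form>"),
    },
    "https://blog.example.org/": {
        "bot": ("https://blog.example.org/", "<h1>Release notes</h1><p>Version history and changelog.</p>"),
        "usr": ("https://blog.example.org/", "<h1>Release notes</h1><p>Version history and changelog.</p>"),
    },
}

def sample_fetch(url, user_agent):
    return SAMPLE[url]["bot" if "Googlebot" in user_agent else "usr"]

if __name__ == "__main__":
    for site in SAMPLE:
        print(site, cloaking_findings(sample_fetch, site))
```

Cloaking that keys on the requester's IP address rather than the User-Agent will not show up in a comparison that only varies the header, so a clean result is not proof of a clean site.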
Threat actors are known to exploit legitimate techniques to their advantage, turning innocent best practices into malicious campaigns. SEO is no different, with cybercriminals abusing legitimate optimization techniques to improve the believability of their phishing sites — boosting the site’s ranking in search engines to maximize incoming traffic.
Black Hat SEO poses a significant threat, manipulating users’ experience as they innocently navigate their everyday internet activities. By abusing the most reputable and trusted sources, threat actors are able to dupe their victims into opening malicious links, thereby compromising their device and accessing sensitive information, from their private communications to their financial account data. From this beachhead, cybercriminals may be able to gain access to other logged-in accounts, infiltrate corporate networks and cause wide-reaching disruption and damage.
The primary application of Black Hat SEO techniques is to evade anti-phishing protective mechanisms. By improving the page rank of the malicious site, attackers hope for it to slip undetected past even the best defenses. Thus, the best practices to avoid falling victim to Black Hat SEO methods are:
- Security teams must stay abreast of the trending tactics, tools and procedures on the cybercriminal underground, and are encouraged to monitor deep and dark web forums and markets for SEO- and phishing-related discourse, to facilitate preemptive security protocols.
- Educate employees to be vigilant before clicking on a suspicious link, even if the link has appeared on trusted search engines such as Bing, Google or Yahoo.
- Follow anti-phishing best practices:
  - Even a top-tier anti-phishing system might mistakenly approve of a malicious site, and therefore on the individual level, users must be educated on phishing schemes: what they are, how to discern a potential phishing email/site, and what steps one must take in the event of a phishing attack.
  - On the organizational level, security teams must continuously detect and block malicious sites and domains, monitor suspicious communications sent from unknown sites to the internal network, and ensure that employees are well aware of social engineering tactics and attacks.
Ultimately, companies need to instill cybersecurity best practices across the organization and convey these guidelines to employees, partners, and customers alike, ensuring all are aware of potential risks, even when using the most trusted search engines.