Although SEO poisoning isn’t a novel tactic, its potential for generating significant profits for cybercriminals should not be underestimated.
Search Engine Optimisation (SEO) poisoning is the malicious practice of deceiving search engines into ranking harmful websites at the top of users' search results, often by mimicking the online presence of reputable companies and organizations.
One effective way to lure unsuspecting victims to a malicious website is to buy prominence on Google through targeted advertising, which places the attacker's site at the top of the search results.
According to Jérôme Segura, senior director of analysis at security firm Malwarebytes, malicious Google search ads commonly masquerade as helpful customer support services from well-known companies like PayPal, eBay, Apple, and Netflix.
The typical scenario follows a familiar pattern. When a user searches for “PayPal assist” on Google, they are likely to encounter a sponsored ad that, when clicked, redirects them to a basic webpage claiming to offer assistance from PayPal. This website features the company’s branding and what appears to be its phone number.
What prevents Google from identifying and combating disinformation efforts like this one more effectively is the complexity of balancing free speech with fact-checking. Even a cursory glance shows that the advertisement looks highly dubious from the outset.
Some attackers exploit ad networks by redirecting users to fraudulent websites after an advertisement has been paid for and accepted.
According to Segura, the fraudsters behind these campaigns have been found to reuse the same advertiser accounts on multiple occasions.
One such account has been reported more than 30 times over nearly three months without any apparent action from Google, suggesting that effective response mechanisms are lacking.
“The termination of fraudulent accounts may not necessarily spell the end of scams, but it also highlights an underlying issue with our reporting and Google’s policies regarding repeat offenders,” Segura noted.
According to Malwarebytes, malicious advertising, or malvertising, surged in the United States, increasing by 42% in fall 2023 and rising a further 41% from July to September 2024.
The persistence of scammers is telling: they continue to invest significant time, effort, and money in crafting malicious advertisements, which suggests they are seeing a tangible return on investment.
Meanwhile, legitimate companies spend a substantial portion of their resources on advertising to ward off scammers and secure prime search engine rankings.
It would arguably be unfair to suggest that Google isn’t treating this matter seriously. According to its own statistics, the company took significant action against fraudulent advertising in 2023, blocking or removing approximately 5.5 billion ads and suspending more than 12.7 million advertiser accounts.
Much remains to be done.
As long as easy profits are available, fraudulent advertisements will persist.