Cybercriminals have been using Google Alerts, black hat SEO techniques, fake giveaways, and spam websites to direct users to nasty offers and content.
Google Alerts redirect users to malware
This month, BleepingComputer reported that scammers were using fake-but-legitimate-looking Google links to redirect users on landing pages with fake giveaways and unwanted search-related extensions.
- Hackers leveraged the fake news about previously hacked organizations like Chegg, EA, Canva, Dropbox, Hulu, Ceridian, Shein, PayPal, Target, Hautelook, Mojang, InterContinental Hotels Group, and Houzz to distribute malware and scams.
- Google Alerts helped to spread these fake notifications as the service monitors search results for user-defined keywords.
- Scammers also used their self-created pages, that were set up by Google Sites, and promoting fake Adobe Flash player updates in both Google Chrome and Mozilla Firefox web browsers, as well as showing a fake offer of iPhone 11 devices giveaway.
This is not the first time
Earlier, in September 2019, scammers injected malicious sites into the Google search index to have them also appear in the ‘Google Alerts’ notifications being sent to users.
Fake Flash Player updates used in attacks
Cybercriminals often trick users into downloading an unofficial (fake) Flash Player through pop-ups on a deceptive website.
- In May 2020, Cisco Talos discovered that the WolfRAT malware was mimicking the legit services such as Google service, GooglePlay, and Flash update. The malware targeted messaging apps like WhatsApp, Facebook Messenger, and Line.
- In March 2020, an APT group Storm Cloud compromised several Tibetan sites in a highly-targeted Fake Flash campaign by installing SweetAlerts on each of the web servers they compromised. The group also used GitHub to host the malicious Flash installer.
Protecting from spam
When creating an alert on the Google Alerts page, configure the settings as "best results" to protect against low quality and malicious sites. Do not trust intrusive ads displayed on dubious websites. Users should also check installed extensions, add-ons, and plug-ins on the browser and programs on the operating system.