A recent report by bleeping computer suggests that fraudsters and hackers have been pushing fake data breach notifications disguised as famous companies. With the help of black SEO, Google Sites, and spam pages, they are directing users to dangerous parts of the internet.
Since Google Alerts monitors all the search results for user-defined keywords, unintentionally, the service has played an important role in spreading the malware.
According to the report, scammers have been using both newly created pages and already compromised websites to combine the term “data breach” with well-known brands such as EA, Dropbox, Hulu, PayPal, Target, Mjoang, and a few more.
When users click on the links, they end up on websites and pages hosting fake giveaways and advertising download offers for unwanted extensions and malware infested files. Hackers and fraudsters have made it pretty difficult to detect this malicious behavior, since the pages don’t directly reveal the exact nature of the campaign. In some cases, users might even see a “page not found” error or a text-filled page created to promote a fake data breach.
Other than this, Bleeping Computer has also reported a hacked website containing a directory with around 2,000 text files that contain specific keywords. This website has reportedly helped hackers by ranking their pages and websites higher in Google search results. Moreover, they have also set up their own pages using a free tool from Google, dubbed Google Sites.
Google has been notified regarding the issue. Hopefully, the tech giant will take a step to eradicate this security breach soon, before more unsuspecting victims fall prey to the scam. Till then, stay alert while browsing online and steer clear from anything that sounds too good to be true.