The words and phrases you should NEVER Google to avoid being hacked
by WILIAM HUNTER · Mail OnlineSearching on Google might seem like one of the safest things to do online.
But cybersecurity experts warn that there are some searches which could put you at serious risk of being hacked.
Last week, it was revealed that cybercriminals had hijacked the Google results for 'Are Bengal cats legal in Australia?' to infect cat-lovers' computers.
Now, experts have revealed the seven other common words and phrases you should never Google.
Using a technique called 'SEO poisoning' criminals exploit Google's search results to lure unsuspecting victims into websites they control.
Following these links could lead to hackers taking over your computer, stealing your information, and even holding your data for ransom.
Jake Moore, global cybersecurity advisor at ESET, told MailOnline: 'SEO poisoning is a tactic used by cybercriminals to manipulate search engine results and then direct users to malicious websites which often look genuine.
'When users click on these links they are taken to sites that expose them to malware that often immediately downloads which can compromise the computer’s security and potentially lead to data theft or device infections.'
1: 'Customer service number'
According to cybersecurity firm TorGuard scammers frequently purchase adverts for search terms so that their malicious sites appear near the top of the results page.
Since most internet users assume that the top-listed results are legitimate, people follow these links without proper scrutiny.
TorGuard founder Ben Van Pelt says that scammers will often use these adverts to impersonate the customer service helpline of a legitimate company.
When a customer calls that number, instead of reaching the company they intended to find, they are met by a scammer ready to try and steal their information.
Mr Van Pelt told Indy100: 'They receive these calls, sometimes hundreds daily, and they convincingly mimic a technician.'
To avoid these scams, always look for customer service numbers directly from the company's official website rather than from Google search results.
Likewise, internet users should be very careful about searching for the term 'tech support'.
What is SEO poisoning?
Search engine optimization (SEO) poisoning, otherwise known as malvertising, is a technique by which hackers use search engines to make malicious sites appear legitimate.
Hackers manipulate search results to push sites they control to the top of the page.
Since consumers assume that the top hits on search engines are trustworthy, many people follow these links without thinking.
Once on the malicious site, users are lured into providing personal details or downloading malware onto their device.
Mr Van Pelt warns that some criminals will set up fake tech support services to trick users into giving them remote access to their devices.
Once the have access, it is easy for hackers to steal credit card information, install malware, or lay the groundwork for even bigger attacks.
2: 'Easy loans'
Unfortunately, like many scammers, cybercriminals often go after those who are in financial distress.
By targeting those who are already in dire situations, the exploitative criminals hope that their victims won't be so discerning when they spot an offer that seems too good to be true.
According to Mr Van Pelt, cybercriminals will exploit people Googling the phrases 'Easy Loans', 'Quick Money Making Schemes' and 'High-Paying Remote Jobs'.
By poisoning the search results for these terms, the criminals place websites they control high up in the Google search results.
Once somene has been lured onto the site, the scammers will then try to trick them into giving away their banking information or downloading malware onto their computers.
For example, someone being targeted by a remote work scam might be asked to install software in order to start working or attend an interview.
However, these downloads will actually contain malware which infects the target's computer and extracts their personal data.
In a similar vein, hackers have also been known to hijack the phrase 'Free Credit Report'.
Unlike attacks which trick people into installing malware, these attacks try to harvest their victim's information directly.
After Googling the phrase, users will find what appears to be a legitimate credit rating website hidden within the normal search results.
However, this site is actually being controlled by criminals who record all the information visitors input.
In this way, scammers can easily trick their victims into giving up everything from their date of birth to their National Insurance Number and address.
With this information, the scammers can impersonate or extort their targets for financial gain.
3: 'Google Authenticator'
While most SEO poisoning attacks go after specific words and phrases, some scams try to impersonate actual products.
In June, Cybersecurity researchers from Malwarebytes warned that cybercriminals had begun to target internet users searching for the Google Authenticator app.
This app is required to log into certain secure services and provides two-factor authentication which is key to maintaining good cybersecurity.
However, Malwarebytes found that hackers had purchased fraudulent adverts promoting what appeared to be a legitimate link to the app.
Following this link brought users to a cleverly disguised website which prompted the visitor to install a file on their computer.
But, rather than installing Google Authenticator, anyone who clicked 'download' would actually install a piece of malware designed to ransack your device for personal data.
In a blog post, Jérôme Segura of Malwarebytes wrote: 'The core issue with brand impersonation comes from ads that appear as if they were from official sources and advertisers’ identities verified by Google.
'We should note that Google Authenticator is a well-known and trusted multi-factor authentication tool, so there is some irony in potential victims getting compromised while trying to improve their security posture.'
Mr Segura adds that people should avoid clicking on ads to download any kind of software and instead visit the official repositories directly.
4: 'Sports mental toughness questionnaire'
Typically SEO poisoning attacks aim to lure in as many internet users as possible to increase the chances of snaring a victim.
However, in some cases, hackers will also go after very particular sets of individuals.
While investigating a malware campaign called SolarMarker, cybersecurity researchers at Menlo Security uncovered over 2,000 unique search terms which had been compromised.
Among them was the extremely specific phrase: 'Sports Mental Toughness Questionnaire'.
What made this attack uniquely dangerous is that this search returned results linking directly to PDF files.
Mr Moore says: 'It [SEO poisoning] is often hard to spot but it will usually be used specifically for people using Google to search for documents and PDFs rather than websites.
'The dodgy links will be embedded in so they will automatically download without your knowledge.'
When keen sports enthusiasts follow the link to the supposed questionnaire PDF, their browser automatically downloads the viruses hidden on the page.
In this instance, Menlo Security found the PDFs had been spiked with malware ranging from identity-stealing viruses to ransomware designed to lock users out of their own data.
Mr Moore says: 'If anyone does download anything they should make sure they don’t click on the file in their downloads folder as this will execute the malware.
'It’s best to remove it and conduct a virus scan for peace of mind.'
5: 'Online Viagra'
Finally, cybersecurity experts have warned internet users to be careful while looking for Viagra or other similar medications while online.
This year, security researchers have found that thousands of websites have fallen prey to the 'pharma hack'.
In this hack, criminals break into poorly defended WordPress websites and fill them with links to fake pages advertising knock-off versions of branded pharmaceuticals.
Read More
China hacked Trump's defense attorney's cellphone months before election: report
Since Google registers these links as a positive sign the site is legitimate, the dodgy sites are bumped right to the top of the results page.
In a blog post, researchers from SolidWP found a very sophisticated version of the attack which disguised these dodgy links with the name of the hijacked website.
The researchers explained: 'By doing this, people genuinely believe they are clicking on a legitimate website that sells legal pharmaceuticals.'
Once the victim has been lured onto the site scammers can trick them into giving away personal information or sell them fake pharmaceuticals which could be harmful to their health.