Poisoned Searches – A Launching Point Into Trouble

It has happened to us all at one point or another, where we search something on a search engine, click on the top result, and the next thing we know, we are getting popups telling us to contact tech support that our machine is infected.  Immediately, we go into panic mode thinking that all our files, folders, pictures, etc are summarily being stolen, or worse, deleted.  Most of these types of attacks have not infected the computer at this point, but are designed to scare you into clicking the OK button.  That is where the fun will begin.  However, with a little bit of knowledge, you can get around these attacks, and get on with your life.

First, we need to understand that search engines list search results based on several factors.  One of those is that companies pay them to have their business listed at the top, which means people will click on those results first, versus scrolling down the page.  For example you may see the address www.amazon.com and it will say (Sponsored) in the link.  However, hackers, scammers, and what I like to call them, scum, will hijack these results, strictly to separate you from your money.  They essentially write computer program code that instead of going to www.examplesite.com, you wind up at a different web address that pops up the alert stating your computer is infected, and that you need to click OK to connect to “Microsoft Support.”

If the above happens to you, understand this.  Microsoft does not proactively monitor or otherwise try to help you if you get a virus.  They are never going to know you are infected, and if you need their support, you must contact them at their number.  With modern hijacks like this, the attacker/scammer wants you to click that OK button, because that will start a remote session where someone connects to your computer.  In such a scenario, you can be assured that they will either start stealing information from your machine, or, they will launch a virus code that will encrypt your files on your computer, and then they will demand a ransom from you to unlock and access your files.

Second, another thing you need to understand about search results, is when you are needing technical support.  For example, a computer user I know recently needed help with his Yahoo email account being reset.  He went to Google searching for “Yahoo’s Support Phone Number”, and lo and behold, it was at the top of the results.  However, when he called the number, the person on the other end of the phone was not from Yahoo, unbeknownst to him, and he directed him to go to a website and download a program that remotely connected him to his machine.  Thankfully, he got wise enough and severed the connection.

I mentioned this because most of the technical support out there today is done by going to a company’s website, and filling out a support ticket webform, or contacting them at an email address.  In this situation that happened above, a group of scammers created a webpage, that got cached by the search engine, but that had a fake number for support.  Even if they answer “Yahoo Support” I can tell you that Yahoo does not have a phone center to contact for help.  Also, a legitimate support outlet for a company will email you a confirmation shortly after requesting help, usually with a ticket number, and a phone number to call in.  Also, if you ever call a number you searched, and they do not answer something like, “Thank you for calling (insert business name)”, that’s a clear indicator you are talking to scammers.  Hang up.

So what is a person to do?  In my experience, I highly recommend to never click on search results that have the words “sponsored” or “paid ad” listed in the result.  These are just breeding grounds for hackers and scammers, and it’s just not worth it.  About one month ago, there was one listed for Amazon, that literally for a couple of days, that poisoned search result stayed up.  I wonder how many were goaded into scam support sessions?  Sadly enough, probably a lot.

Another thing you can do, and this mostly applies to business is, if you are needing support with your computer, a program you use, or anything technology related, and you have a help desk in place, please, submit a ticket to your helpdesk.  As an IT Professional, I am constantly amazed that there are procedures in place that clearly state, “All requests for support must be submitted to support@abc.com”, and yet employees will try to resolve their own issues, which more often than not, lead to bigger problems.  Those situations again, are just one Google search away from kicking off.

Finally, vigilance and awareness, more than anything else, will go a long way to keeping you from hitting a poisoned search result.  Look at the search result, and before clicking on the link, hover your mouse over the link.  What will pop up is a complete showing of the URL, and if that URL does not have the name of the company or site you are trying to reach in it, you probably do not want to click on that.

Poisoned search results are a pain for sure, but with the knowledge above, you should feel confident you can navigate the minefields that idiots layout for unsuspecting users.  Awareness of what you are looking for, and awareness of what results are returned to you will go a long way to keeping your PC healthy, happy, and more importantly, safe.


One thought on “Poisoned Searches – A Launching Point Into Trouble

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s