Here’s a method to steer clear of getting caught by fake websites that scammers can thrust right to the peak of your search results
10 Apr 2025
 •Â
,
4 min. read
When did you last search for something using Google Search, Bing, or another entrance to the vast expanse of the internet? Quite a trivial inquiry, isn’t it? It might have been moments ago and possibly it’s also how you stumbled upon this blogpost.Â
Others embarking on online searches, however, may encounter less desirable outcomes. In what way? Our inclination to trust blindly and click on top search outcomes has become so foreseeable that it can be exploited and employed against us.Â
Manipulating the system
There are numerous cautionary instances readily available, and I recollect one that is too peculiar not to reference: certain Australians who recently sought information on the legality of Bengal cats in the nation were not presented with clear information on pet regulations; instead, they inadvertently put themselves at risk of having their data stolen following a series of events triggered by a click on a top search engine outcome.
However, even if you lack an interest in cats, be aware that even a simple search inquiry may spark trouble. Certain cybercriminals have been utilizing strategies for years now that can thrust deceitful websites masked as genuine to the top of individuals’ search results, typically utilizing either SEO poisoning (also referred to as unethical SEO) or, more frequently, harmful search ads.
An elaborate case of ‘SEO deception as a service’ was unveiled by ESET researchers in 2021 after they uncovered a formerly undocumented server-side trojan that distorted search engine outcomes by harnessing the credibility of the websites it compromises. Comparable campaigns were recently identified.
In another instance, ESET researchers pinpointed a campaign that incorporated ads in Google search outcomes directing victims to deceptive websites that mimicked those of prevalent software, such as Firefox, WhatsApp, or Telegram. The ultimate objective was to acquire full control of the compromised devices.
The threats are not overlooked by Google, naturally. According to its most recent Ads Safety Report, in 2023 the company “blocked or removed over 5.5 billion ads, slightly up from the prior year, and suspended 12.7 million advertiser accounts, nearly double from the previous year.”
Nonetheless, some dangers still slip through. Hence, it is wise to be aware of the risks present in both organic and paid search outcomes, and how to distinguish the valuable from the worthless.Â
Concealed in plain viewÂ
The recent surge in popularity of AI tools has opened up novel hunting grounds for scammers, instigating schemes where run-down artists purchased ads for bogus ChatGPT websites that redirected individuals to sites siphoning off credit card details. The below site exhibited logos of real OpenAI partners, potentially duping even numerous technologically adept victims. A similar scenario unfolded with other AI tools, including most recently when DeepSeek burst onto the scene.
ESET researchers in Latin America recently detected a sophisticated campaign that mimicked the La Veloz del Norte bus company promotions and targeted Argentinians looking for long-distance bus tickets. Travelers who inputted their details on the fake site unwittingly surrendered both login credentials and banking information to cybercriminals.
Financial services are notably high-value targets. In 2022, ESET researchers in Latin America alerted the populace to scams impersonating Mastercard through ads.
Remaining secureÂ
Primarily, keep in mind that prominence in search outcomes does not always imply authenticity. Furthermore, it is highly probable that numerous individuals fail to differentiate between organic outcomes and advertisements, enabling criminals to exploit this, particularly through malvertising campaigns targeting individuals who, for instance, search for software.
In certain situations, fraudsters may register a typosquatting or similarly named top-level domain to that of the software provider to deceive the victim, as was the scenario here with telegraem[.]org. This is why you should refrain from mindlessly clicking on whatever is at the top of your search page. Instead, scrutinize the URLs carefully and watch out for any signs of deception. Apply the same level of vigilance if you are availing Google’s AI search functionalities, as scammers continue to refine their methods and invent new methods of promoting sites that push scams and malware.
Protect your digital accounts with secure and distinct passwords or passphrases, and with two-factor authentication. Employ reputable security software that can pinpoint and restrict access to malicious domains, thereby furnishing an extra layer of defense against deceitful search outcomes.
Moreover, Google itself furnishes tools to examine the outcomes, like accessing particulars by clicking the three dots beside sponsored listings, which can unveil inconsistencies between claims and the actual identity. If you suspect encountering a sketchy site, you can report it to Google.
Final thoughtsÂ
We’ve all performed it countless times: entered a query, perused results, clicked on one of them, ‘got the gist’, and moved forward. Though conventional search engines are increasingly rivaling ChatGPT and AI-generated search synopses, the classic search-and-click routine is improbable to vanish anytime soon. Old habits linger, and the perils persist. Search cautiously.
About Author
