The desire to appear at the top of a search engine results page (SERP) gave birth to the entire practice of search engine optimization (SEO) beginning around 1991. Google's SEO guidelines soon became the de facto rules webmasters use to provide a “good user experience” to people searching for information. Unfortunately, some of those very same SEO guidelines are being used to poison Google search results and damage social media pages. Now, because social platforms have become such primary sources of information, hackers have shifted their attention to the users of social media and are using black hat SEO techniques to target users in yet another effort to deceive, damage and steal from people and companies.

How Black Hat SEO Works

Hackers, suspected to be in Eastern Europe, recently targeted people who do online banking, perhaps thinking the holiday season would be a good time to strike. However, rather than sending phishing emails, they used hacked servers run by legitimate businesses and built websites optimized for certain search terms banking customers would commonly use—search terms like "how to cancel a cheque commonwealth bank," for example. According to ZDNet's initial report, it appears the attackers targeted customers of Nordea Sweden, the State Bank of India, India's Bank of Barodia and Axis Bank, the Commonwealth Bank of Australia, and Saudi Arabia's Al Rajhi Bank.

When users enter any of the “poisoned” search terms, the attackers' bogus websites appeared in the search engine results page, often with several entries on the first page. In some cases the attackers chose to compromise servers run by businesses that had positive ratings and reviews, thus giving their bogus URL links even more credibility. Clicking on those links then redirected users to another site that downloaded the Zeus Panda banking virus, which can steal online banking credentials.

However, when using the Facebook search box to find a certain brand—which is the way frequent Facebook users most often search—Facebook delivers a list of results including fake pages the hackers have optimized using black hat SEO techniques. Those fake pages appear prominently because hackers use other fake accounts to “Like” the fake brand page, which puts the malicious page closer to the top of the list. Thus, Facebook's search feature has been gamed to guide users to imposter Facebook page, and from there to fraudulent sites. 

Same Technique, Different Targets

This same black hat SEO technique is now being used to send people to phony Facebook, LinkedIn and other social media pages. Some of them attempt to download malware while others redirect users to social media pages designed to do damage.

It's not difficult to create a fake Facebook page. Building it to look like the real page for a business or a person can be done in less than an hour. Attackers may create a fake page for, say, a financial or healthcare institution that encourages unhappy customers to boycott or to post complaints about the company; to post false information designed to hurt the company, to drive customers away and to discourage new prospects from becoming customers. Top executives and officers of a firm can be targeted as well as celebrities and others who are widely known to the public.

What the Attackers Want

Most cyber attackers, sometimes called “hacktivists,” are in business for one of three reasons. They may want to get revenge against a person or company for some event or action the attacker considers worthy of punishment.

Second, some cybercriminals hold strong beliefs and opinions—they could be moral, religious, political or deeply personal. They perform their cybercrimes to publicize their beliefs online where others will see them and take note.

For the most part, though, cybercriminals involved in black SEO are in business to make money. They consider their phony websites “assets,” where each site becomes a virtual income stream.

How to Defeat the Black Hat SEO

It is crucial that every company be equipped to identify, discover, and take action across its digital and social media presence to ensure its brand is being properly represented. SafeGuard Cyber offers that protection on a continuous basis, which is important because new accounts and new employees are constantly being added to social networks and new digital channels.

SafeGuard Cyber is the only software tool that provides security across all the relevant social channels. To combat black hat SEO campaigns, we can identify the fake accounts associated with your brand and take them down.

Safeguard Cyber archives, analyzes and takes action on more than a dozen of the most popular social and collaboration networks, scanning for content that may pose a risk or threat to your organization. Your staff, your partners and the public can continue posting to social media while our platform monitors in real time and gives your teams the ability to take action when imposter content is submitted.

We're here to help. Contact us today to request a free digital risk assessment.

 

Sources:

http://blog.talosintelligence.com/2017/11/zeus-panda-campaign.html

http://www.zdnet.com/article/google-search-results-poisoned-by-banking-trojan-attackers-clever-seo/

https://www.techrepublic.com/blog/it-security/profiling-and-categorizing-cybercriminals/

Otavio Freire

Otavio Freire

RELEVANT ARTICLES

Key Takeaways from RSA Conference 2019

How Hackers Use Social Media to Profile Their ...

Why Securing Social Media is Critical for ...

See how we can help your business today.

SEE IT IN ACTION