If you type something in the Google search box, your data could be exposed, and sometimes it can attract law enforcement. Here is a recent report on the trails of seemingly harmless questions for Bengal Cats in Australia, the new hotbed of cybercriminals.
Sophos cybersecurity firm research shows that typing some simple phrases into Google can suck unknowing users into the trap of an exceedingly clever cyber attack. Specifically, users searching “Are Bengal Cats legal in Australia?” They have now become targets for a malicious attack by Gootloader malware.
The hidden dangers of casual searches
The risk of stealing personal data, such as banking details, comes when clicking on fraudulent links that usually appear on top search results. In addition, the malicious program can also lock users out of their devices, becoming more dangerous.
The specificity of the search makes it even more attractive in the eyes of hackers, as it appears these searches are being exploited. The practice known as “SEO poisoning” has allowed bad actors to manipulate search engine results, pushing harmful sites to the forefront. The search term — while innocuous — carries very major consequences for victims.
Real-world implications of careless queries
Hackers, law enforcement, and workplace IT departments are reviewing these search terms. In a disturbing incident, a couple in Long Island faced a police visit after one partner searched for a “pressure cooker bomb” alongside a “backpack.” The individual poking around pressure cookers and backpacks was sending alarm bells at the IT department of their employer, who subsequently arrived at their doorstep to deal with whatever threat may have been going on.
This incident is a good lesson that there is a very thin line between curiosity and what will be the consequence. Sometimes innocuous searches, like for a cooking appliance or a pet, can be security knocks from law enforcement.
Tips for protecting yourself during online searches
Here are five actionable tips to consider when navigating the search engine area:
- Be cautious of ads and unfamiliar links: You should always look at the links you click. Malware often ends up on devices from misleading ads and seemingly legitimate search results. Only stick to well-known sources and avoid anything that seems off.
- Utilize a VPN: A VPN scrambles your internet traffic so no third party can see what you are doing online. It helps you hide your IP address and protect your data.
- Enable SafeSearch: Google’s SafeSearch feature minimizes explicit or unhelpful content. This can help activate this feature and prevent you from browsing unsafe links.
- Limit personal data exposure: Stop collecting data by changing your Google account privacy settings. This can include shutting off location tracking or reducing or eliminating Google saves your searches.
- Consider private browsing: Getting into Incognito Mode ensures that Google keeps less data, and clearing up your browsing history can also ensure there’s less being tracked of your online activities.
With these precautions, users can ensure that they don’t both get the crap beat out of them by malicious entities and ensure that the local authorities don’t come to misunderstandings with them either.
SEO poisoning is no longer just a fad in the cyber threat landscape; it is a manifestation of a troubling trend in the cyber threat landscape, and it is an emergency signal that bad actors are exploring new and perhaps very dangerous areas of attack. As suggested by Sophos, “Criminals manipulate search engine results to push websites they control to the top of the page.” The lack of nefarious intent in searching for particular terms underscores a significant vulnerability: Seeking information isn’t always risky, but victims often don’t realize they’re putting themselves at risk.
Users should remain aware of these threats and keep their cyber hygiene in tip-top shape since the cyber landscape will remain fluid and change over time. Cybercriminals are always looking for new ways to attack the uninformed, but awareness and some proactive methods can help protect against such attacks.
Images credit: Furkan Demirkaya/Flux
