Every so often I sit and type words, concepts, sayings and the like into Google Images. The results can be interesting and helpful when thinking about new ideas for PR and digital marketing campaigns. Many of the results are far removed from the subject in question, and can be useful in thinking outside the box and inspiring creativity. Last week however, whilst searching for a picture of the new iPhone 5 (having been flagged in the press as being ‘misplaced’ in a bar by an Apple employee), I ended up being asked whether I’d like to pay for some sort of anti-virus protection that had just detected 103 Trojans in my system.
Having now read into this quite a bit, I have discovered that more and more unsuspecting users are being re-directed to malware or scareware (fake anti-virus) sites as a result of search engine poisoning (SEP). Online security firm Trend Micro estimated that in May 2011 more than 113 million users were redirected to malicious pages and that over 300 million searches had been re-directed in this way. Proponents of SEP specifically target the latest and most popular trends. Other recent examples include the death of Amy Winehouse, Charlie Sheen’s monkey business, and Bin Laden’s downfall.
Blackhat Search Engine Optimisation is the use of sneaky and unethical techniques to boost the rank of a malware page. New HTML is uploaded onto an already well-ranked website which re-directs users to places unknown. More importantly and less obviously, trends in SEP have shifted from text-based hijacking to image and video-based attacks. SEP methodology varies: credible sites are hijacked and analysed for hot keywords receiving a high number of hits; search engines’ sponsored links are manipulated to reference malicious sites; and new HTML is injected in the hijacked website.
The bandits behind this activity are recognised as a wide scale threat to search engine providers and e-commerce. SEP is likely to damage the site it manipulates in terms of both its reputation and its Google ranking. It’s harmful to the recipient of the scam whilst at the same time damaging to business. Using approaches that will shock, cause anxiety, or the perception of a threat, scammers are able to scare users into paying for fake AV software or installing viruses.
Protection against this type of threat is limited from an end-user perspective. However, it is likely that in order for this scheme to fully succeed a user will have to navigate further than the initial re-direct, at which point I would just close the browser. Technical precautionary options against SEP are limited. If, like me, a user enjoys a jaunt through the world of online visualisation and representation, then you may have to simply take the risk and have a swift exit plan prepared (i.e. the off button).