Cybercriminals have learned to spoof even the most popular websites — and you may not even notice.
Hackers are increasingly using search engine manipulation techniques to lure users to malicious websites. These include both “black-hat SEO” tactics and paid advertisements — all with the goal of pushing harmful content to the top of search results.
This tactic is known as SEO poisoning. Criminals disguise malicious content as legitimate websites, exploiting trust in well-known brands. Several campaigns have been uncovered where fake sites mimicked official download pages for popular applications such as Firefox, WhatsApp, and Telegram, stealing sensitive information from unsuspecting users.
Researchers at ESET analyzed campaigns where scammers promoted fake ads on Google to lure victims to fraudulent sites. Some of these sites were capable of completely taking control of victims’ devices.
The financial sector remains a particularly attractive target. In 2022, there were reports in Latin America of malware campaigns posing as Mastercard, distributing malicious ads. Another case involved a phishing attack disguised as the Argentine bus company La Veloz del Norte, where users trying to buy tickets had their personal and payment data stolen.
Artificial intelligence has opened new doors for attackers. Scammers now actively use fake AI-based service ads, including counterfeit ChatGPT websites. Their goal is to collect credit card data. These fake websites often feature the logos of well-known partners to appear more convincing.
Search engines are working to combat this trend. According to the Google Ads Safety Report 2023, more than 5.5 billion ads were blocked or removed by Google. Still, some threats continue to slip through.
To minimize risks, experts recommend:
- Carefully checking website URLs before clicking
- Using antivirus solutions
- Enabling two-factor authentication
- Verifying ads using Google’s built-in tools
Manipulation of search results highlights just how important it is to stay cautious with every link you click. Despite technological progress and the rise of AI, traditional search remains popular — and so does the risk of falling for malicious sites.