Scammers Abuse Trust in Google Alerts, Bypass Filters

By on Apr 12, 2016

We all like to be in the loop, especially when it comes to the news. Facebook notifications, news channels, and a smorgasbord of competing media conspire to bring us the latest, on-demand information we crave. But there’s a critical issue with our addiction to breaking news: this demand, especially from trusted resources, can lull us into a false sense of security. And when we are trusting, cybercriminals strike. In an effort to capitalize on this, cybercriminals have gamed Google Alerts, deploying phony “Seals of Approval.”

Google Alerts, which scours the Internet for the latest news on a topic of your choosing, sends email notifications directly to your inbox based on a pre-determined set of keywords. By weaving a variety of keywords and brand names throughout their illegitimate domains, suspicious businesses and spammers can deliver links to their websites straight to your inbox.

For example, Kiplinger, a well-known personal finance and investing magazine, noticed a few suspicious websites that pop up in correlation with its name in Google Alerts. One questionable site, pictured below, curates Kiplinger social media feeds to draw people in before overwhelming them with inappropriate, likely malicious advertisements—or malvertisements.

scoopnest

Another website, pictured below, uses the McAfee SiteAdvisor™ seal to appear legitimate. The site in question sells itself as a writing service through which high school and college students can pay for essays.This business by its nature, and the various forum discussions I’ve tripped across online, is clearly operating a scam worth avoiding. It robs students of not only their money, but also the writing practice they need.

witness the evolution

So what can you do to protect yourself from scams, spam and malware, even when using a trusted source? Well, here are a few general tips to consider:

  • Watch that URL. The Uniform Resource Locator (URL) is the address book of the Internet. Cybercriminals try to abuse it by using website addresses that are almost, but not quite, the address people are actually looking for. Avoid malicious links by looking at the URL address. For example, one clear indicator of a phony URL is misspelling (e.g., mckafee.com).
  • Narrow your search. Services like Google Alerts are immensely helpful to us users, but you should take care to adjust its default search parameters. Instead of having the service scour the entire Web for a topic of your choice, limit your alert sources to “news” and “blogs.” You can also refine alerts by country, and various other factors based on preference.
  • Report spam. Did a service accidentally direct you to spam, or a scam-ridden website? Report it. By reporting suspicious sites, you’re helping to make the Web a safer place to browse. You can find Google’s spam reporting tool here.
  • Use comprehensive security. Sometime, despite our most conscious efforts, we accidentally wind up on sites brimming with malware. For those times, we have McAfee LiveSafe™, a comprehensive security solution. It actively scans websites, and your computer, for malware — disinfecting the Web as you browse it, or warning you of dangerous pages as you come across them.

gary

About the Author

Gary Davis

Gary Davis was previously McAfee's Consumer Security Evangelist providing security education and advice to businesses and consumers. He is a sought-after speaker on trends in digital security, appearing at conferences and events, as well as security and consumer lifestyle broadcast outlets and publications such as ABC, NBC, FOX, the Wall Street Journal, USA Today, Money ...

Read more posts from Gary Davis

Subscribe to McAfee Securing Tomorrow Blogs