Scammers Abuse Trust in Google Alerts, Bypass Filters

We all like to be in the loop, especially when it comes to the news. Facebook notifications, news channels, and a smorgasbord of competing media conspire to bring us the latest, on-demand information we crave. But there’s a critical issue with our addiction to breaking news: this demand, especially from trusted resources, can lull us into a false sense of security. And when we are trusting, cybercriminals strike. In an effort to capitalize on this, cybercriminals have gamed Google Alerts, deploying phony “Seals of Approval.”

Google Alerts, which scours the Internet for the latest news on a topic of your choosing, sends email notifications directly to your inbox based on a pre-determined set of keywords. By weaving a variety of keywords and brand names throughout their illegitimate domains, suspicious businesses and spammers can deliver links to their websites straight to your inbox.

For example, Kiplinger, a well-known personal finance and investing magazine, noticed a few suspicious websites that pop up in correlation with its name in Google Alerts. One questionable site, pictured below, curates Kiplinger social media feeds to draw people in before overwhelming them with inappropriate, likely malicious advertisements—or malvertisements.


Another website, pictured below, uses the McAfee SiteAdvisor™ seal to appear legitimate. The site in question sells itself as a writing service through which high school and college students can pay for essays.This business by its nature, and the various forum discussions I’ve tripped across online, is clearly operating a scam worth avoiding. It robs students of not only their money, but also the writing practice they need.

witness the evolution

So what can you do to protect yourself from scams, spam and malware, even when using a trusted source? Well, here are a few general tips to consider:

  • Watch that URL. The Uniform Resource Locator (URL) is the address book of the Internet. Cybercriminals try to abuse it by using website addresses that are almost, but not quite, the address people are actually looking for. Avoid malicious links by looking at the URL address. For example, one clear indicator of a phony URL is misspelling (e.g.,
  • Narrow your search. Services like Google Alerts are immensely helpful to us users, but you should take care to adjust its default search parameters. Instead of having the service scour the entire Web for a topic of your choice, limit your alert sources to “news” and “blogs.” You can also refine alerts by country, and various other factors based on preference.
  • Report spam. Did a service accidentally direct you to spam, or a scam-ridden website? Report it. By reporting suspicious sites, you’re helping to make the Web a safer place to browse. You can find Google’s spam reporting tool here.
  • Use comprehensive security. Sometime, despite our most conscious efforts, we accidentally wind up on sites brimming with malware. For those times, we have McAfee LiveSafe™, a comprehensive security solution. It actively scans websites, and your computer, for malware — disinfecting the Web as you browse it, or warning you of dangerous pages as you come across them.


Introducing McAfee+

Identity theft protection and privacy for your digital life

FacebookLinkedInTwitterEmailCopy Link

Stay Updated

Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.


More from Internet Security

Back to top