Phishing in a Search Engine

What is phishing in a search engine?
Search engine phishing, also known as SEO poisoning or SEO trojaning, occurs when cybercriminals manipulate search engine results to make their malicious site appear as the top result. When you click on the link shown in the search engine, you are redirected to the attacker’s website. The malicious actors can then steal your information when you interact with the site or enter sensitive data. These fake sites can impersonate any type of website, but the main targets are banks, money transfer services, social networks, and shopping sites.

Source: Trend Micro



What is SEO?

SEO (Search Engine Optimization) refers to all the techniques used to improve a website’s ranking on search engine results pages (SERPs). It is also known as natural or organic referencing. The goal of an SEO expert is to improve the visibility of the websites they manage by helping them gain higher positions on search engines (Google, Bing, Yahoo!, etc.). A site is considered well-optimized if it appears among the top results for the targeted queries, making it easier for users interested in certain products, services, or content to find it.

Source: SEO.fr


Examples of phishing in search engines

1. SEO poisoning used for fake shopping sites (2024)

In 2024, Trend Micro, in collaboration with Japanese authorities, analyzed several malware families used in SEO poisoning attacks that redirected users to fake shopping websites. Their research identified three groups of malicious actors, each using distinct malware families—one group even using several at once.

Source: Trend Micro

2. Fake software downloads

During multiple campaigns, cybercriminals managed to appear at the top of Google search results using hacked or spoofed websites offering downloads of popular software such as WinRAR, VLC, or Notepad++. When users clicked these links, they were taken to a page that looked identical to the official site, but the “Download” button delivered a malicious file instead of the real software. This technique was effective because users tend to trust the top results in search engines, allowing attackers to install malware discreetly on victims’ computers.
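
A defensive check for the fake-download scenario above, as an added example that is not part of the original article: before following a search result for a software download, compare the host the URL actually contacts with the publisher's known domains. The allowlist, the brand tokens and the function names are assumptions made for this illustration, and the sample URLs are constructed using reserved .example names.

```python
from urllib.parse import urlsplit

# Assumed allowlist: publisher domains for the software the article names.
# Confirm each entry with the vendor before relying on it.
OFFICIAL = {
    "winrar": {"win-rar.com", "rarlab.com"},
    "vlc": {"videolan.org"},
    "notepad++": {"notepad-plus-plus.org"},
}
# Brand fragments that should not show up in a host outside the allowlist.
# Short tokens such as "vlc" can over-match; treat a hit as a prompt to verify.
BRAND_TOKENS = {
    "winrar": ("winrar", "rarlab"),
    "vlc": ("vlc", "videolan"),
    "notepad++": ("notepad",),
}

def is_official(host, domains):
    # Exact match or a true subdomain. A bare endswith() would also accept
    # a constructed host like "notvideolan.org", so require the dot boundary.
    return any(host == d or host.endswith("." + d) for d in domains)

def classify(software, url):
    """Classify a search result as 'official', 'lookalike' or 'unrelated'."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return "unrelated"
    # .hostname drops any "user@" prefix, so it is the host really contacted.
    host = (parts.hostname or "").rstrip(".").lower()
    if is_official(host, OFFICIAL[software]):
        return "official"
    # Search the whole authority (userinfo included) with separators removed,
    # so "note-pad" and "videolan.org@other-host" are both caught.
    squashed = parts.netloc.lower().replace("-", "").replace(".", "")
    if any(token in squashed for token in BRAND_TOKENS[software]):
        return "lookalike"
    return "unrelated"

# Constructed sample results (reserved .example names, not real sites).
SAMPLE = [
    ("vlc", "https://www.videolan.org/vlc/"),
    ("vlc", "https://videolan.org@downloads.example/vlc.exe"),
    ("vlc", "https://videolan.org.mirror.example/vlc.exe"),
    ("notepad++", "https://note-pad-plus-plus.example/download"),
    ("winrar", "https://news.example/review-of-archivers"),
]

if __name__ == "__main__":
    for software, url in SAMPLE:
        print(f"{classify(software, url):10} {software:10} {url}")
```

A result classed as "lookalike" uses the product's name on a host the publisher does not control, which is the pattern described above; an "official" result only confirms the domain, not the integrity of the file served from it.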