Black Hat SEO strategies; “COVID-19” themed campaigns spread spam content and click-bait

SEO plays an essential role in getting the most significant number of Internet users to access relevant information on popular subjects. Unfortunately, however, it has also been playing a vital role in spreading malware to as many unsuspecting user systems as possible.

Setting up dubious link-building schemes and increasing their online presence is one of the typical Black Hat SEO strategies. This is one of the expensive tasks criminals redirect to take shortcuts and misrepresent good and reputable sites.

Nowadays, topics don’t get any hotter than Coronavirus, which leads the spammers to sow clickbait or SEO to stay on top of the hot topics.

The operator hacked a few sites belonging to the US government agencies, education institutions and international non-profit organisations. The list of victims includes the National Institutes of Health, UNESCO and Arizona State University.

Multiple click-bait link posted on UNESCO’s official website

Researchers from Cyble discovered the multiple click-bait links posted on the webpage of UNESCO’s official website, which is used for sharing information by fellow Policy Practitioners.

The Department of Homeland Security declared the notorious Emotet malware as one of the most destructive malware found in the clickbait links posted in UNESCO’s E-team web page.

The links we’re used to luring the visitors into spying onto other accounts. When the visitors click on these links or posts, they are redirected to a malicious website where they are asked to enter the username and emails. After collecting the information, it requests for payment from the visitor to show fake results. The attacker uses the data to hack.

After further analysis, researchers identified the malicious URLs to be spreading Emotet banking malware, also known as Geodo and Mealybug.

US govt sites redirect users to NSFW Content 

In late July 2020, security enthusiasts ran into a massive wave of black hat SEO linking legitimate Google search results with links to pornography sites.

This abuse logic revolves around what’s known as open redirects, also known as unverified redirects and transfers. Open redirect is an URL that anyone can use to redirect a visitor to a website of their preference.

Here, criminals create malicious URLs that look identical to the trusted domain names listed in SERP. Thus this infuses confidence that web resources are safe. However, when clicked, it redirects the user to an unwanted page instead.

A sample structure for such a link is: hxxps: //www.legitimatesite.gov/login.html? url = https://malicioussite.com. On Google, only the .gov domain does not emit red light.

The web resources manipulated in this scheme include the Louisiana State Senate, Commodity Futures Trading Commission, and the Colorado Department of Higher Education sites.

It is still unknown how the SEO scammers are inducing these links into search engines. The only good news is that these websites were abused to only redirect users to harmless (still embarrassing) NSFW material rather than hazardous malware or phishing campaigns.

Coronavirus-themed comment spamming 

There is a high rise in using the COVID-19 theme, being used for online popularity. 

The campaign is built to spread spam content and drive unsuspecting users to dubious online drug stores.

Bot operators are using technology to exploit the public’s need for medical information by polluting their online search results with fake and meaningless websites, including popular medical discussion forums. 

Scammers will benefit from this tactic in two different baits. The first is clickbait, where the users are anxious about Coronavirus, and tricked into clicking the embedded links and even ordering their products.

The second is for SEO purposes– from last few weeks Coronavirus is the highly used term, these spammer’s sites contain a large number of keywords that tend to fit in the context of COVID-19, so Google lists them top of SERPs.

Another sophisticated technique used where from a comment placed on a random site, unsuspecting users were taken to a hijacked “neutral” site made to look like a Coronavirus information resource – including a (copied) real-time map of the virus’s progress – and then further lead on to a notorious online drugstore.

What are the cautious actions to be taken?

  • Always follow safe browsing habits.
  • Download and install the latest patches.
  • Always stay alert of the latest threats.
  • Install an effective security suite.

For the latest cyber threats and the latest hacking news please follow us on FacebookLinkedin, and Twitter.

You may be interested in reading: How to Survive the COVID Time Cyber ​​Security Threats?

The post Black Hat SEO strategies; “COVID-19” themed campaigns spread spam content and click-bait appeared first on SecureReading.

Translate »