Reportedly, the Google alerts continues to be used for scams and malware distribution. Threat actors are increasingly abuse Google alerts spoofing to promote malicious websites.
Since Google alerts is being abused by many threat actors for a long time, many experts have discovered such activities are being increased day by day.
When a user end up opening such fake Google alerts, they get redirected to certain series of websites which keeps promoting rogue software adult sites, fake dating apps, games, and many more vicious contents, rather than a legitimate website.
Unfortunately, no matters you have configured Google Alert only to show you desired results, the scam based alerts will just intend you to open vicious or malicious online sources to infect your machine drastically.
How Google Alerts Spoofs Work?
According to researchers, the fake Google Alerts are deceiving Google to think they are legitimate sites rather than vicious ones. The actors are actually using actually black hat SEO technique which is known as Cloaking.
If you are not aware of Cloaking, it’s a technique in which a website use to serve different content to users rather than search engine spiders.
With the help of this black hat SEO technique, the hackers easily manage to show their website look like a plain text or a typical blog post, when search engine spiders visit the page. But, when a user open such pages, it performs malicious redirects to unwanted or unsafe pages.
Such pages are specifically developed by cyber crime master minds to install malware. Once the installation is done, a headless Chromium browser is started to run in system background and performs suspicious activities which utilizes the CPU of system for more than 27 percent.
Since Google is never shown the redirect to malicious websites, the page is added to search index, and whenever a user searches for such keywords, Google Alert is fired off to anyone.
In such instances, it’s really hard for users to identify such malicious URLs, unless they visit the site or their preinstalled security app blocks the page.