Search Engine Phishing is a relatively new type of phishing attack in which fraudsters don’t bother to send a targeted email. Instead, they create their own site offering cheap products or amazing deals and get it indexed by legitimate search engines. Online shoppers will find these sites popping up on a typical Google result page, and it can be very hard to tell the difference.
A site aimed at search engine phishing encourages users to hand over their personal information. It may ask you to register with a National Insurance number or it may rely on getting your bank account number for a purchase. This data can be used to rob you, hijack your identity, or destroy your reputation. Our privacy services at ReputationDefender will help protect against phishing sites with data suppression, ongoing surveillance and in-depth privacy reporting.
What to Look For
These are some of the common ruses sites use to attract victims:
· Amazing Discount/ Free Giveaway — These sites appear to be typical online retailers, but the products are fake and if you order something you will never get it. Instead, online fraudsters will take your money and probably your identity as well.
· Low Interest Rates/Free Credit Card — Beware of obscure banking institutions with impossibly low rates. These are likely fake sites designed to get you to register or even transfer money from other sources.
· Employment Opportunity — An online job search may pull up fake offers from companies that don’t exist. The application will ask for personal information, for example a National Insurance number or bank details. No company should need this until they hire you.
· Emergency Warnings — Some sites use emergency warnings to lure customers into downloading their products. Pop-up windows will tell you your computer has been infected with malware or your antivirus subscriptions are out of date.
Protect Yourself Against Search Engine Phishing
To avoid falling for search engine phishing, double check every company you work with. Be suspicious of products that are unusually cheap or hard to get. Don’t register for free offers, or if you do use an alias name and an email address that isn’t connected to any of your other accounts. Don’t give out your National Insurance number unless you’re sure it’s a legitimate company with a good reason for asking for it.
Check the source of any company offering you a job. Even if they send you to a legitimate website, this doesn’t mean the actual offer comes from that company. Verify the domain name and the ‘from’ address if you’re in communication, and make sure it matches what’s listed on the website. Try to keep your job searches limited to legitimate platforms and report any suspicious activity immediately.
It may seem like it’s easy to see through these scams when they’re laid out in a blog post, but in real life, if a site is offering a product you want or a job that sounds exciting, it can be hard to say no. If you’ve become a victim of search engine phishing, don’t hesitate to ask for help. Contact our security experts at ReputationDefender.