Manipulating search results for trending topics like "Breaking Dawn" and "Taylor Swift" is a nasty phenomenon that is getting nastier, producing fraudulent and potentially costly results in response to innocent searches. As we described in our Search Poisoning video, the goal of this fraud is to trick people into loading web pages that they would not ordinarily choose to view. The consequences of these clicks can be anything from flaky advertising to malware infection to online scams that can cost you money in a matter of seconds.
Consider the Image results from a Google search for Breaking Dawn. For readers who are not trend-followers, Breaking Dawn is the title of the latest movie in the Twilight series, not loved by many film critics but recommended, according to USA Today, by 92% of moviegoers (which helps explain why it earned close to $140 million last weekend). In other words, lots of people, many of them teenagers, are currently interested in all things Breaking Dawn, including images of the characters, stars, and so on.
As you probably know, when you hover over an image result in Google, further information appears, like the size of the image and the address of the website from which the image is being displayed. (This information is not always accurate because some websites appearing in the search results are just link farms, pulling images from sites that they don't own, often in violation of copyright laws.)
Clicking an image in the search results takes you to a larger preview where there is a link to the website where the search engine found the image. Unfortunately, the purpose of some of these sites is to bombard visitors with offers, adverts, software downloads and surveys, many of which have no connection to the content of the image you were looking for.
For example, if you click on a link to a website that is hosting an image related to Breaking Dawn but the website does not appear to have anything to do with Breaking Dawn, close the browser window right away. What can happen if you don't is unpredictable, but I have seen adult content presented with no warning. The example I am showing here was more modest, offering a chance to bail out before adult content was displayed, but this page appeared without prompting after I landed on a Breaking Dawn image search result; not exactly what you expect if you are pursuing an interest in a popular movie.
Some web browsers will sometimes prevent this type of misdirection, but they cannot be relied upon for protection. I got to all of the flaky pages shown in this post while using the latest version of Firefox. The challenge of weeding out and blocking such sites is huge and the technology is just not there yet, which is why user education is so important, particularly when it comes to the fake survey scam.
In my recent research I found the poisoning of image search results for Taylor Swift was even more prevalent than for Breaking Dawn, with 2 out of the first 8 results affected. One element that the abuse of Taylor Swift images has in common with other SEO poisoning is survey scams. Here's an example of what one of these scams looks like (click on the image to see a full size rendering of the screen shot).
The general message is one of congratulations and urgency. The website has detected that my computer is in California and it is telling me that I am the survey winner for Friday, November 22, 2011. (In my excitement I nearly missed the fact that November 22, 2011 was not a Friday.)
Someone who is new to the Internet, or naïve, or simply eager to believe that their bad luck has changed, may also be tempted to overlook the fact that "survey winner" is not a very logical construct. So there is a good chance that they will press on by clicking on OK. Here is what they see next.
This screen is possibly reassuring to those hoping they are onto a good thing. There is some logic to the text and the date is correct. There is talk of prizes. There is urgency in the fact that only 23 out of 75 prizes remain.
In short, a person might be tempted to continue to the next stage, where the screen is even more professional and presents the great prizes on offer. These include things like an iPad 2, an iPhone 4S, and a $1000 Best Buy gift card.
So the hapless visitor presses on, eager to take the important-sounding "2011 Annual Internet Survey." The only problem is, the survey consists of just 3 lame questions like "How often do you use the Internet?" If you take a moment to think about it, the answers to these questions are not worth $1000. But a bold "Submit" button appears below your answers to these questions, and clicking that leads to the following screen, which is where your money is at risk.
The "survey" is asking for your cellphone number. The small print here is very small, and below the fold on most screens, but if you take the time to read it, which some people will not, the text says:
"This is an auto renewing subscription service that will continue until cancelled anytime by texting STOP to short code 82703. Available to users over 18 for $9.99 per month charged on your wireless account or deducted from your prepaid balance for 3 alerts per week."
In other words, you send them your cellphone number and they will put a charge of $9.95 on it, every month, until you say STOP. And what is that $9.95 for? The nature of the service on offer is not clear. The text at the top of the screen is garbled. Alarm bells should really be sounding by now but some people are going to ignore them. After all, they've just won a $1000 Best Buy gift card, so they submit their cell number in the expectation of collecting their winnings. Except there aren't any.
Nobody pays you $1000 to answer 3 simple questions about your Internet usage. You don't win surveys. Please let your friends and family know this, particularly anyone who might be tempted to enter your cellphone number into a form like this. And keep an eye on your kids when they go searching for images of their favorite singers or movies. The search results are poisoned and will remain so until the technology to prevent such malfeasance is perfected.
Author Stephen Cobb, ESET