How Hackers Use Phishing to Game the System
We’ve all been there. Accidentally clicking on a popular search engine’s advertisement suddenly takes us to a sketchy website and something begins to flash across our screen, saying it’s ‘downloading malware prevention software’ or ‘scanning our computer for viruses’. Most of us have been using the internet for long enough to know that these scream bad news, and can easily make our computers unusable. So why are these links at the top of credible search engines, posing as something relevant to what we need to know? The use of phishing, “designed to trick you into clicking on a malicious attachment or visiting a malicious web site,” (Wired) is a big problem in today’s cybersecurity.
According to the article on Wired.com, phishing and spear-phishing, a type of phishing in which emails are sent specifically to trick whomever they are sent to into downloading malicious software, has been an issue recently in regards to security companies, Adobe Flash, and even the White House.
So how are these websites and fake emails gaming the system and manipulating their way into our search results and inboxes? Well, search engines certainly aren’t blatantly allowing it. Malware poses as legitimate websites, and is able to increase its list value in terms of search results enough to show up, becoming a more sought after hub. This is all part of search engine optimization, a tactic in which websites attempt to use key words such that they will pop up as results under as many searches as possible. Alternatively, a malware website can increase its PageRank by faking endorsements from other websites — for example, malware on Facebook might pose as a Facebook article, tricking the user to click on the link in a late night procrastination tactic, then redirect the user to a page in which his or her computer will start downloading a virus. Whether this be through posing as credible anchor text on a website, tricking the user into thinking the website is real, or sending supposedly high security emails that even a government official will accidentally read, these “phishy” websites are becoming progressively more sneaky as their technology becomes harder and harder to detect.