Cyber criminals using SEO to plant malicious PDFs on search engines

11 May 2022
by Archie Williamson
1 min
Cyber criminals using SEO to plant malicious PDFs on search engines

Cyber criminals are using black hat SEO tactics to rank malicious files in search engine results and target unsuspecting users.

The latest Global Cloud and Malware Trends report from Netskope found criminals are turning to search engines as a new outlet for sophisticated attacks, amid a 450% rise in phishing downloads.

Instead of the white hat SEO techniques that marketers use to rank relevant content organically, attackers are leveraging more nefarious techniques to increase the visibility of “bad” PDF files.

When a user clicks on these files, they download malware that can compromise their security and expose personal information and sensitive data.

This poses a major risk to organisations, especially as a separate report found 83% have been the target of email-based phishing in the past.

The increasing popularity of phishing in search engines suggests businesses will need to be more proactive to protect employees and keep data safe.

“People know they should be wary of clicking on links in email, text messages, and in social media from people they don’t know. But search engines? This presents a much harder challenge,” Netskope’s Ray Canzanese said.

Canzanese has urged security teams to use web filtering and deploy software that can decrypt and scan web traffic to ensure it is safe.

Employees should also be made aware that malicious links are now present on search engines, as well as in emails, social media and text messages.

Canzanese also advised users to report bad URLs to Google as they can take action and remove them, which will prevent other victims from being duped.


Have a question?