Google top search engine at avoiding scams

Even search engines can get suckered by internet scams.

With a little sleight of hand, con artists can dupe them into giving top billing to fraudulent websites that prey on consumers, making unwitting accomplices of companies such as Google, Yahoo and Microsoft.



Online charlatans typically try to lure people into giving away their personal or financial information by posing as legitimate companies in "phishing" emails or through messages in forums such as Twitter and Facebook.



But a new study by security researcher Jim Stickley shows how search engines also can turn into funnels for shady schemes.



Stickley created a website purporting to belong to the Credit Union of Southern California, a real business that agreed to be part of the experiment.



He then used his knowledge of how search engines rank websites to achieve something that shocked him: His phony site got a No. 2 ranking on Yahoo's search engine and landed in the top slot on Microsoft's Bing, ahead of even the credit union's real site.

Google, which handles two-thirds of US search requests, didn't fall into Stickley's trap. His fake site never got higher than Google's sixth page of results, too far back to be seen by most people.



The company also places a warning alongside sites that its system suspects might be malicious.



But even Google acknowledges it isn't foolproof.



Some recession-driven scams have been slipping into Google's search results, although that number is "very, very few," said Jason Morrison, a Google search quality engineer.



On one kind of fraudulent site, phony articles claim that participants can make thousands of dollars a month simply for posting links to certain websites. Often, the victims are asked to pay money for start-up materials that never arrive, or bank account information is requested for payment purposes.



"As soon as we notice anything like it, we'll adapt, but it's kind of like a game of Whac-A-Mole," he said. "We can't remove every single scam from the internet. It's just impossible."



In fact, Google said that it is suing a company for promising "work at home" programs through websites that look legitimate and pretend to be affiliated with Google.



Stickley's site wasn't malicious, but easily could have been. In the year and a half it was up, the 10,568 visitors were automatically redirected to the real credit union, and likely never knew they had passed through a fraudulent site.



"When you're using search engines, you've got to be diligent," said Stickley, co-founder of TraceSecurity.



"You can't trust that just because it's No. 2 or No. 1 that it really is. A phone book is actually probably a safer bet than a search engine."



A Yahoo spokeswoman didn't respond to requests for comment. Microsoft said in a statement that Stickley's experiment showed that search results can be cluttered with junk, but the company insists Bing "is equipped to address" the problem. Stickley's link no longer appears in Bing.



To fool people into thinking they were following the right link, Stickley established a domain (creditunionofsc.org) that sounded plausible. (The credit union's real site is cusocal.org.)



After that, Stickley's site wasn't designed with humans in mind; it was programmed to make the search engines believe they were scanning a legitimate site.



Stickley said he pulled it off by having link after link inside the site to create the appearance of "depth," even though those links only led to the same picture of the credit union's front page.



The experiment convinced Credit Union of Southern California that it should protect itself by being more aggressive about buying domain names similar to its own.



Domains generally cost a few hundred dollars to a few thousand dollars each - a pittance compared with a financial institution's potential liability or loss of goodwill if its customers are ripped off by a fake site.



"The test was hugely successful," said Ray Rounds, the credit union's senior vice president of information services.



Stickley's manipulation illuminates the dark side of so-called search engine optimisation. It's a legitimate tactic used by sites striving to boost their rankings - by designing them so search engines can capture information on them better.



But criminals can turn the tables to pump up fraudulent sites.



"You can do this on a very, very broad scale and have a ton of success," Stickley said. "This shows there's a major, major risk out there."



Robert Hansen, a web security expert who wasn't involved in Stickley's research, said ranking high in search engine results gets easier as the topic gets more obscure.



An extremely well-trafficked site such as Bank of America's would always outrank a phony one, he notes.



Still, Hansen said, criminals have been able to game Google's system well enough to carve out profitable niches. He says one trick is to hack into trusted sites, such as those run by universities, and stuff them with links to scam sites, which makes search engines interpret the fraudulent sites as legitimate.



"I don't think we're anywhere near winning" the fight against such frauds, said Hansen, chief executive of the SecTheory consulting firm.



Roger Thompson, chief research officer for AVG Technologies, who also wasn't involved in the research, said search results can be trusted, for the most part.



"But the rule is, if you're looking for something topical or newsworthy, you should be very cautious about clicking the link," he said.



That's because criminals load their scam sites with hot topics in the news, to trap victims before the search engines have a chance to pull their sites out of the rankings.



"The bad guys don't have to get every search," he said. "They just have to get a percentage."



Consumers can protect themselves from scam sites by looking up the domain at www.whois.com, which details when a site was registered and by whom. That can be helpful if the web address of a phony site is similar to the real one.

PROMOTED VIDEO
Life and Style
ebookNow available in paperback
ebooks
ebookPart of The Independent’s new eBook series The Great Composers
Arts and Entertainment
Kara Tointon and Jeremy Piven star in Mr Selfridge
tvActress Kara Tointon on what to expect from Series 3
Voices
Winston Churchill, then prime minister, outside No 10 in June 1943
voicesA C Benson called him 'a horrid little fellow', George Orwell would have shot him, but what a giant he seems now, says DJ Taylor
News
i100
Sport
footballBrighton vs Arsenal match report
Arts and Entertainment
Benedict Cumberbatch has spoken about the lack of opportunities for black British actors in the UK
film
News
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Ashdown Group: Systems Analyst - Tunbridge Wells - £30,000

    £25000 - £30000 per annum: Ashdown Group: Junior Test Analyst/Systems Administ...

    Recruitment Genius: Software Developer - .NET, C#

    £40000 - £65000 per annum: Recruitment Genius: A Global Real Estate Software P...

    Recruitment Genius: Drupal / PHP Developer

    Negotiable: Recruitment Genius: This is an exciting opportunity for a talented...

    Recruitment Genius: IT Technical Support Engineer

    £17000 - £26000 per annum: Recruitment Genius: Due to continuing growth, recru...

    Day In a Page

    Iraq invasion 2003: The bloody warnings six wise men gave to Tony Blair as he prepared to launch poorly planned campaign

    What the six wise men told Tony Blair

    Months before the invasion of Iraq in 2003, experts sought to warn the PM about his plans. Here, four of them recall that day
    25 years of The Independent on Sunday: The stories, the writers and the changes over the last quarter of a century

    25 years of The Independent on Sunday

    The stories, the writers and the changes over the last quarter of a century
    Homeless Veterans appeal: 'Really caring is a dangerous emotion in this kind of work'

    Homeless Veterans appeal

    As head of The Soldiers' Charity, Martin Rutledge has to temper compassion with realism. He tells Chris Green how his Army career prepared him
    Wu-Tang Clan and The Sexual Objects offer fans a chance to own the only copies of their latest albums

    Smash hit go under the hammer

    It's nice to pick up a new record once in a while, but the purchasers of two latest releases can go a step further - by buying the only copy
    Geeks who rocked the world: Documentary looks back at origins of the computer-games industry

    The geeks who rocked the world

    A new documentary looks back at origins of the computer-games industry
    Belle & Sebastian interview: Stuart Murdoch reveals how the band is taking a new direction

    Belle & Sebastian is taking a new direction

    Twenty years ago, Belle & Sebastian was a fey indie band from Glasgow. It still is – except today, as prime mover Stuart Murdoch admits, it has a global cult following, from Hollywood to South Korea
    America: Land of the free, home of the political dynasty

    America: Land of the free, home of the political dynasty

    These days in the US things are pretty much stuck where they are, both in politics and society at large, says Rupert Cornwell
    A graphic history of US civil rights – in comic book form

    A graphic history of US civil rights – in comic book form

    A veteran of the Fifties campaigns is inspiring a new generation of activists
    Winston Churchill: the enigma of a British hero

    Winston Churchill: the enigma of a British hero

    A C Benson called him 'a horrid little fellow', George Orwell would have shot him, but what a giant he seems now, says DJ Taylor
    Growing mussels: Precious freshwater shellfish are thriving in a unique green project

    Growing mussels

    Precious freshwater shellfish are thriving in a unique green project
    Diana Krall: The jazz singer on being friends with Elton John, outer space and skiing in Dubai

    Diana Krall interview

    The jazz singer on being friends with Elton John, outer space and skiing in Dubai
    Pinstriped for action: A glimpse of what the very rich man will be wearing this winter

    Pinstriped for action

    A glimpse of what the very rich man will be wearing this winter
    Russell T Davies & Ben Cook: 'Our friendship flourished online. You can share some very revelatory moments at four in the morning…'

    Russell T Davies & Ben Cook: How we met

    'Our friendship flourished online. You can share some very revelatory moments at four in the morning…'
    Bill Granger recipes: Our chef serves up his favourite Japanese dishes

    Bill Granger's Japanese recipes

    Stock up on mirin, soy and miso and you have the makings of everyday Japanese cuisine
    Michael Calvin: How we need more Eric Cantonas to knock some sense into us

    Michael Calvin's Last Word

    How we need more Eric Cantonas to knock some sense into us