Google top search engine at avoiding scams

Even search engines can get suckered by internet scams.

With a little sleight of hand, con artists can dupe them into giving top billing to fraudulent websites that prey on consumers, making unwitting accomplices of companies such as Google, Yahoo and Microsoft.



Online charlatans typically try to lure people into giving away their personal or financial information by posing as legitimate companies in "phishing" emails or through messages in forums such as Twitter and Facebook.



But a new study by security researcher Jim Stickley shows how search engines also can turn into funnels for shady schemes.



Stickley created a website purporting to belong to the Credit Union of Southern California, a real business that agreed to be part of the experiment.



He then used his knowledge of how search engines rank websites to achieve something that shocked him: His phony site got a No. 2 ranking on Yahoo's search engine and landed in the top slot on Microsoft's Bing, ahead of even the credit union's real site.

Google, which handles two-thirds of US search requests, didn't fall into Stickley's trap. His fake site never got higher than Google's sixth page of results, too far back to be seen by most people.



The company also places a warning alongside sites that its system suspects might be malicious.



But even Google acknowledges it isn't foolproof.



Some recession-driven scams have been slipping into Google's search results, although that number is "very, very few," said Jason Morrison, a Google search quality engineer.



On one kind of fraudulent site, phony articles claim that participants can make thousands of dollars a month simply for posting links to certain websites. Often, the victims are asked to pay money for start-up materials that never arrive, or bank account information is requested for payment purposes.



"As soon as we notice anything like it, we'll adapt, but it's kind of like a game of Whac-A-Mole," he said. "We can't remove every single scam from the internet. It's just impossible."



In fact, Google said that it is suing a company for promising "work at home" programs through websites that look legitimate and pretend to be affiliated with Google.



Stickley's site wasn't malicious, but easily could have been. In the year and a half it was up, the 10,568 visitors were automatically redirected to the real credit union, and likely never knew they had passed through a fraudulent site.



"When you're using search engines, you've got to be diligent," said Stickley, co-founder of TraceSecurity.



"You can't trust that just because it's No. 2 or No. 1 that it really is. A phone book is actually probably a safer bet than a search engine."



A Yahoo spokeswoman didn't respond to requests for comment. Microsoft said in a statement that Stickley's experiment showed that search results can be cluttered with junk, but the company insists Bing "is equipped to address" the problem. Stickley's link no longer appears in Bing.



To fool people into thinking they were following the right link, Stickley established a domain (creditunionofsc.org) that sounded plausible. (The credit union's real site is cusocal.org.)



After that, Stickley's site wasn't designed with humans in mind; it was programmed to make the search engines believe they were scanning a legitimate site.



Stickley said he pulled it off by having link after link inside the site to create the appearance of "depth," even though those links only led to the same picture of the credit union's front page.



The experiment convinced Credit Union of Southern California that it should protect itself by being more aggressive about buying domain names similar to its own.



Domains generally cost a few hundred dollars to a few thousand dollars each - a pittance compared with a financial institution's potential liability or loss of goodwill if its customers are ripped off by a fake site.



"The test was hugely successful," said Ray Rounds, the credit union's senior vice president of information services.



Stickley's manipulation illuminates the dark side of so-called search engine optimisation. It's a legitimate tactic used by sites striving to boost their rankings - by designing them so search engines can capture information on them better.



But criminals can turn the tables to pump up fraudulent sites.



"You can do this on a very, very broad scale and have a ton of success," Stickley said. "This shows there's a major, major risk out there."



Robert Hansen, a web security expert who wasn't involved in Stickley's research, said ranking high in search engine results gets easier as the topic gets more obscure.



An extremely well-trafficked site such as Bank of America's would always outrank a phony one, he notes.



Still, Hansen said, criminals have been able to game Google's system well enough to carve out profitable niches. He says one trick is to hack into trusted sites, such as those run by universities, and stuff them with links to scam sites, which makes search engines interpret the fraudulent sites as legitimate.



"I don't think we're anywhere near winning" the fight against such frauds, said Hansen, chief executive of the SecTheory consulting firm.



Roger Thompson, chief research officer for AVG Technologies, who also wasn't involved in the research, said search results can be trusted, for the most part.



"But the rule is, if you're looking for something topical or newsworthy, you should be very cautious about clicking the link," he said.



That's because criminals load their scam sites with hot topics in the news, to trap victims before the search engines have a chance to pull their sites out of the rankings.



"The bad guys don't have to get every search," he said. "They just have to get a percentage."



Consumers can protect themselves from scam sites by looking up the domain at www.whois.com, which details when a site was registered and by whom. That can be helpful if the web address of a phony site is similar to the real one.
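The WHOIS check described above can be automated. The following is an added example, not part of the original article: it parses raw WHOIS text and lists the reasons a record's registration date or registrant does not fit the organisation a site claims to be. The two records, the `.example` domains, the organisation name and the 365-day threshold are constructed assumptions.

```python
from datetime import datetime, timezone

# Field labels and date formats differ between registries; a few common ones.
CREATED_KEYS = ("creation date", "created", "registered on")
REGISTRANT_KEYS = ("registrant organization", "registrant name", "registrant")
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d %H:%M:%S", "%Y-%m-%d")

def parse_date(value):
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None

def parse_whois(text):
    """Pull the first creation date and registrant out of raw WHOIS text."""
    rec = {"created": None, "registrant": None}
    for line in text.splitlines():
        key, _, value = (part.strip() for part in line.partition(":"))
        if key.lower() in CREATED_KEYS and rec["created"] is None:
            rec["created"] = parse_date(value)
        elif key.lower() in REGISTRANT_KEYS and rec["registrant"] is None and value:
            rec["registrant"] = value
    return rec

def assess(text, expected_org, today, min_age_days=365):
    """Return the reasons a record does not fit the organisation it claims."""
    rec, reasons = parse_whois(text), []
    if rec["created"] is None:
        reasons.append("no creation date found")
    elif (today - rec["created"]).days < min_age_days:
        reasons.append("registered %d days ago" % (today - rec["created"]).days)
    registrant = rec["registrant"] or ""
    if any(w in registrant.lower() for w in ("redacted", "privacy", "proxy")):
        reasons.append("registrant hidden: " + registrant)
    elif expected_org.lower() not in registrant.lower():
        reasons.append("registrant is not " + expected_org)
    return reasons

# Constructed sample records (not real WHOIS output).
REAL = ("Domain Name: cu.example\nCreation Date: 1998-03-02T05:00:00Z\n"
        "Registrant Organization: Example Credit Union\n")
LOOKALIKE = ("domain: example-credit-union.example\ncreated: 2024-05-20\n"
             "registrant: Privacy Protect LLC\n")
TODAY = datetime(2024, 6, 1, tzinfo=timezone.utc)
if __name__ == "__main__":
    for record in (REAL, LOOKALIKE):
        print(assess(record, "Example Credit Union", TODAY))
```

A recent registration or a hidden registrant is a signal to verify the address another way, not proof of fraud, since many legitimate sites also use privacy services.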
