Google is the most popular search engine on the internet. However, some common search habits of users have given hackers the opportunity to carry out fraudulent activities to access and steal personal information or important data via Google. Are you guilty of these habits when using Google search, and how can you protect yourself from phishing attacks? Let's find out in the article below.

Scams through Google search

Google displays search results based on the keywords provided by users. Articles that are most relevant to the keyword or contain the search terms will appear at the top of the page. Websites that are well-optimized for search engines (SEO - Search Engine Optimization) are prioritized by Google to appear at the top of search results. Additionally, sometimes websites that buy ads on Google are suggested at the top of the display page, even though they are unrelated to the search terms.

See more: Potential risks when logging in with Google or Facebook accounts

Users often have the habit of clicking on search results at the top of the page, thinking that they are the most relevant information. Some people, not wanting to waste time searching, fail to filter information properly and simply view the latest displayed articles, without paying attention to the domain or the credibility of the website. These habits, along with hackers understanding Google’s algorithms, allow cybercriminals to easily engage in information theft and unauthorized access to user accounts through scams such as:

1. Malicious SEO: Hackers create fake websites and use SEO optimization tricks to make these sites appear first in search results for popular keywords, quickly reaching users.

2. Phishing websites: Hackers create websites with interfaces identical to government, bank, or popular social media sites to deceive users into logging into their accounts to access the fake website.

3. Buying Google ads: Purchasing ads to have harmful, fraudulent websites prioritized, leading users to mistake them and click on them.

4. Installing malware: Through phishing websites, hackers ask users to download harmful files or enter information to install malware and gather sensitive data.

The harm of malicious search results

The scams carried out by hackers have led users into the trap of malicious searches, resulting in unwanted consequences that affect both their finances and reputation. When users access fake websites displayed at the top of the search results, they are often prompted to provide login credentials or account information to the criminals. With this stolen information, hackers can illegally access accounts and carry out unlawful transactions, causing financial losses and damaging the user’s reputation. Furthermore, hackers may also infect the system with malware or ransomware attacks, affecting the user’s device, which could take a significant amount of time to recover from.

See more: The harm of ransomware malware to businesses and effective protection methods

Advice for users 

Given the increasing rate of cyberattacks, users need to be cautious and pay attention to the following when using Google search tools:   

Check the website address before accessing

Users should check the URL before accessing a site and examine the domain name of the website in the search results. Avoid clicking on unfamiliar or unusual domain names with extensions like .xyz, .tk, etc.

Prioritize trusted or familiar websites

Never visit suspicious websites that might be fraudulent. Only visit reputable sites with official domains such as .com, .org, .gov, etc.

Avoid entering sensitive information on untrusted websites

Users should refrain from logging into accounts or providing any sensitive information on unfamiliar or unsecured websites.

Be cautious with file download requests

Some fake websites may ask users to download files to access needed information. Users need to be cautious before downloading and should be especially wary of file names like .exe, .bat, .scr, .js, .vbs.

Enable two-factor authentication 

Security experts consistently recommend enabling two-factor authentication (2FA) and combining it with a physical security key like YubiKey for enhanced security against phishing attacks. YubiKey uses the FIDO2/WebAuthn protocol, supporting passwordless authentication and ensuring that the security key works only with the legitimate websites you've registered with. Only the legitimate owner of the key can access the account.

See more: What is YubiKey? Things You Should Know About YubiKey Security Key

Google is a helpful search tool but can pose risks if users aren’t careful. Increasing awareness, exercising caution when accessing websites, and applying security measures are the best ways to protect personal information. Use the Internet safely and wisely to avoid becoming a victim of phishing attacks.

Source: VTV Online