Cybercriminals have found a way to use Google Alerts to hook victims into scams or push malware.
Bleeping Computer CEO Lawrence Abrams found that malicious actors are creating malicious sites into Google so they will be emailed to people who have alerts set for that particular subject matter. The malicious pages are created using popular keywords and based on hot topics.
“For example, as we publish a lot of ransomware news, I have a Google Alert setup for Ransomware. Knowing that users are desperate for decryptors, the bad actors create fake spam pages containing blobs of text containing keywords related to a particular decryptor that may be affecting a lot of users at the time,” Abrams wrote.
When the alert is clicked in the email, or even if the malicious page is clicked in a Google search, the target is taken to a malicious site.
The people behind these scams are creating fake pages centered on a variety of topics ranging from tech, to entertainment to holiday shopping, Abrams noted.
“The best way to protect yourself from these types of low quality and malicious sites, is to specify you only want the "best results" when creating the alert. This can be configured under the alert options at the top of the Google Alerts page,” Abrams suggested.