Search engine optimization (SEO) is used to boost the ranking of websites by ensuring they offer quality content and a good user experience.
But new research from global threat intelligence firm Cybersixgill shows, perhaps not too surprisingly, that similar techniques are being exploited by threat actors to boost trust in their sites.
Phishing sites are often only online for a limited period. Adi Bleih, dark web analyst at Cybersixgill, says threat actors use black hat SEO to bump their site’s position in search engines so that they can extract the most out of their phishing attacks and ‘hunt’ as many victims as they can in this small period of time.
Cyber criminals also use black hat SEO techniques to damage the reputation of legitimate sites. It’s easier for black hat marketers to get rid of their competitor than to build their own reputation. One way is to dupe their competitor’s customers by convincing them that they were hacked by visiting the competitor’s legitimate site.
There are also examples on the dark web of black hat SEO being offered on an as-a-service model to optimize pages, configurations and backlinks.
Bleih concludes on the company’s blog:
Threat actors are known to exploit legitimate techniques to their advantage, turning it from innocent best practices to malicious campaigns. Search engine optimization (SEO) is not different, and threat actors use black hat SEO to improve and optimize their phishing sites — by improving the site’s ranking and position in search engines and thus maximize incoming traffic.
We recommend carefully checking any url that you click, even if you’ve found it after searching Google. As we’ve emphasized in this piece, many threat actors use redirection links and other techniques in order to manipulate users and lure them into phishing pages.
You can read more on the Cybersixgill blog.