Scammers Continue to Use Google Alerts to Spread Malware
Cybercriminals Are Using Fake Data Breach Notifications to Hook Victims into Scams or Push Malware.
Back in 2019, Bleeping Computer CEO Lawrence Abrams found that threat actors are creating malicious sites into Google Alerts so they will be emailed to people who have alerts set for that particular subject matter. The malicious pages were created using popular keywords and based on trending topics.
Today, Abrams notes that Google Alerts continues to be a source of scams and malware that hackers are constantly exploiting to promote malicious websites. They are mixing black-hat SEO, Google sites, and spam pages to direct users to unsafe locations based on data breach information.
I use Google Alerts to monitor for various terms related to cyberattacks, security incidents, malware, etc. In one particular Google Alert, almost every new article shared with me today by the service led to a scam or malicious website, with two of them shown below.
According to Abrams, when you click on these Google Alerts, instead of being redirected to a legitimate page, you are brought through multiple addresses before a final site is reached, one promoting malware, fake adult sites, fake dating apps, adult games, giveaway and sweepstake scams, and unwanted browser extensions.
The scammers also used fake Adobe Flash update notifications to spread their malware. These fake alerts popped up in both Google Chrome and in Mozilla Firefox. Fake giveaways were also used by scammers to lure potential victims.
Image Source: BleepingComputer
Google Alerts users should be aware of this particular scam and know that going directly to the source instead of clicking on an unknown link is the best threat prevention.
The Identity Theft Resource Center has been tracking publicly-notified data breaches since 2005 and has the most comprehensive and the most readily available data breach information for publicly notified breaches. Any user that wants to fact-check about the latest information regarding a publicly reported breach is encouraged to access our resources to confirm any new circumstances.
Anyone who believes they might have fallen victim to a Google Alert scam can live-chat with an ITRC expert advisor, or can call toll-free at 888.400.5530. They can also download the free ID Theft Help App that will provide consumers and victims access to advisors, resources, a case log to track their steps, and much more.
To prevent falling victim to these Google Alerts scams, users should remain alert online, especially when clicking on links in search results, and keep in mind that if something seems too good to be true, it probably is.