Cybercriminals are using an old but effective trick for the new scam. Hackers are installing the malware with a technique called Search Engine Optimization (SEO) poisoning.
How Does an SEO Poisoning PDF Scam Work?
SEO poisoning manipulates search engine algorithms. Cyberattackers utilize keywords to drive their malicious page or material to the top of search results. For this scam, hackers stuffed PDFs with over ten pages of relevant keywords, which ranked them high at the top of search engine results, Microsoft Security Intelligence said in a series of tweets. Cybercriminals used PDFs with topics ranging from “insurance form” and “acceptance of contract,” to “math answers.” So if you were to search for “insurance form,” a PDF could pop to the front page of search results. The PDF itself doesn’t carry the virus, but once you click the PDF, the trouble starts. The opened PDFs prompt users to download a .doc file or a .pdf version of their desired info. Users who click the links are redirected through five to seven sites with TLDs like .site, .tk, and .ga, Microsoft said. Finally, they end up on a spoofed Google Drive site which prompts a download. Users who download anything from this final malicious site are typically downloading SolarMaker malware.
Protect Yourself Online
There are several steps you can take to protect yourself online. As far as this scam goes, you should remember to never download anything from a site you don’t trust. Also, if you’re looking for a PDF online, you should be able to download it in one click. If you find yourself navigating through five to seven websites to download your content, that is a red flag. Here are some other measures you can take.
Antivirus software
The best first line of defense for your online protection is good antivirus software. This will give you a heads-up by recognizing phishing sites and malicious links before you click them. You’ll also be able to remove any malware that finds its way onto your computer or device. To get the optimum protection, you’ll want to shell out for a paid version. Check out our list of the five best antivirus software providers for 2021. However, just in case you’re only interested in free software, we’ve also provided a rundown of the five best free services as well.
VPN
Using a Virtual Private Network (VPN) is another way to take control of your internet security and privacy. A VPN creates a secure, encrypted tunnel for you to browse in. This keeps hackers and cybercriminals away, and will make your device less vulnerable to attacks. VPNs also allow total anonymity when using the internet, as it hides your IP address and location. There’s plenty of other benefits to using a VPN. If you’re looking to start out, check out our top three cheap VPN providers.
Stay alert
One of the most important things to remember is to stay alert. You can’t always trust links in emails and messages. Make sure the message makes sense and sounds like the person it’s coming from. If someone is infected with a virus they might send out messages to all their contacts with corrupted links and not even know it. Also, be wary of spoofed sites. Hackers are very talented at making phishing sites that look like the real thing. But often if you check the browser, you’ll see the domain name is close, but still different from the actual site. If you want to learn more about staying safe online, check out our eight-step guide.
