Holidays, gifts, decorations, vacation packages… These are just some of the words that come to mind when we hear the word “Christmas.” These are also the words that we are most likely to use as search strings to find the best gifts, travel destinations, and holiday ideas on the Web. And because cybercriminals want to be wherever users are likely to be, search string combinations with these words are also what malicious users will poison. Just as legitimate businesses hope to cater to every user’s need, cybercriminals will try to trick users into falling for their malicious ploys.
Even this early, we have already found bad links turning up in searches for holiday-/Christmas-related sites:
- Christmas albums
- Christmas decoration
- Christmas e-cards
- Christmas gadgets
- Christmas package
- Christmas travel
- Holiday recipes
The list above is just a small sample, however. Cybercriminals can easily add or remove search strings every minute in a bid to set up traps for early Christmas shoppers, bargain hunters, and well-wishing users.
Poisoning search results in time for one of the most-celebrated holidays worldwide is certainly not a first and should already be expected. Like any other big event or holiday, Christmas is just another means for cybercriminals to spam and scam users into parting with their hard-earned cash or, worse, with their precious credentials.
Instead of gift and travel bargains and ideas, of course, the sites we found led either to fake Adobe Flash Player updates or to the now-infamous FAKEAV scan pages. Other users, on the other hand, may end up on spamdexing sites designed to increase the traffic to and the ranking of malicious sites.
Though they say that Christmas is the season to be merry, it is also a time to be more wary. Users should be very careful of the sites they visit. Here are some best practices to follow on your online forays:
- If you have a fairly good idea what online e-commerce site you want to visit to do your shopping, directly type in its URL in the browser’s address bar to avoid stumbling upon bad links in search engines.
- Do not click suspicious-looking URLs even if these appear as top search engine results. Consider a link suspicious if one or more of its components (e.g., <protocol>://<domain>/<folder>/<file>?<parameter>) are made up of random characters.
- Read the overview of the search result (the set of text that appears right after the page title in bold). The search result can also be considered suspicious if the overview does not provide a sensible brief description of the site. A sure sign of blackhat-SEO-related sites is the presence of randomly stuffed keywords in the overview.
- Install a good URL-filtering program such as Web Protection Add-On that can be integrated into browsers.
- Keep in mind that the best things in life are hardly ever free. In fact, many sites that advertise free stuff just give you free malware, so beware!
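The "random characters" check from the list above can be automated as a rough pre-filter. The following is an added example, not code from the original post or from any product it names: it splits a URL into the <domain>, <folder>, <file> and <parameter> components and flags those containing machine-generated-looking tokens. The function names, the thresholds and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

VOWELS = set("aeiou")
TOKEN = re.compile(r"[A-Za-z0-9]+")


def looks_random(token: str) -> bool:
    """Crude test for a machine-generated token (thresholds are assumptions)."""
    t = token.lower()
    letters = [c for c in t if c.isalpha()]
    if len(t) < 8 or not letters:
        return False  # short words and plain numeric IDs are too common to flag
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    # Count letter<->digit switches; "a1b2c3" switches on every character.
    switches = sum(a.isalpha() != b.isalpha() for a, b in zip(t, t[1:]))
    return vowel_ratio < 0.2 or switches >= 4


def suspicious_components(url: str) -> list:
    """Return the names of the URL components that contain a random-looking token."""
    parts = urlsplit(url)
    folder, _, file = parts.path.rpartition("/")
    components = {
        "domain": parts.hostname or "",
        "folder": folder,
        "file": file,
        "parameter": parts.query,
    }
    return [name for name, text in components.items()
            if any(looks_random(tok) for tok in TOKEN.findall(text))]


if __name__ == "__main__":
    # Constructed sample URLs on reserved example domains.
    samples = [
        "http://www.example.com/holiday/christmas-recipes.html?page=2",
        "http://xkqzjwpt.example.net/qzx7k2m9vb4t/christmas-ecards.php?id=a1b2c3d4e5",
    ]
    for url in samples:
        print(url, "->", suspicious_components(url) or "nothing flagged")
```

A heuristic like this produces false positives (session tokens, hashed asset names) and misses doorway pages built from real words, so it complements URL filtering rather than replacing it.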
Find out what lurks behind spamdexing and doorway pages in the research paper, “The Dark Side of Trusting Web Searches: From Blackhat SEO to System Infection.”