Googling seems harmless, but what you google may actually put you at risk of falling victim to a hacker.
Cybersecurity experts have revealed common words and phrases you should never Google if you want to avoid being hacked.
This comes after cybersecurity company SOPHOS issued an urgent warning on its website, asking people not to type six words into their search engines: “Are Bengal Cats legal in Australia?”
Jake Moore, global cybersecurity advisor at ESET, explained to the Daily Mail that a technique called “SEO poisoning” allows cybercriminals to use Google’s search results to bring unknowing victims to click on websites that they control in an attempt to weaken the computer’s security.
“SEO poisoning is a tactic used by cybercriminals to manipulate search engine results and then direct users to malicious websites which often look genuine,” Moore said.
“When users click on these links they are taken to sites that expose them to malware that often immediately downloads which can compromise the computer’s security and potentially lead to data theft or device infections”
Here are the five words and phrases you should avoid putting into Google to avoid the risk of being hacked:
Customer service numbers
Doing a quick Google search is an easy way to find a company’s customer service phone number, but scammers will often purchase ads to appear at the top of the search results to trick unsuspecting people.
These scammers will provide misleading links and phone numbers that ultimately connect the user to them rather than the company they are trying to reach.
“They receive these calls, sometimes hundreds daily, and they convincingly mimic a technician,” Ben Van Pelt, founder of cybersecurity company TorGuard, explained to Indy100.
To avoid this, experts suggest skipping the ads and going straight to the company website to get their contact information.
Money-making searches
Scammers will exploit people who are in financial distress and searching for “easy loans” with false advertisements for easy and immediate loans.
“Instead of turning to Google for financial aid, seek financial services from recognized banks and lenders,” Van Pelt advised.
In the same vein, searching for “quick money-making schemes,” which often promise “investment opportunities,” will usually lead to a pyramid scheme.
“Avoid getting caught in pyramid schemes. For investment opportunities, always consult a reputable investment broker or financial advisor,” he said.
Searching for “high-paying remote jobs” and “free credit reports” is also risky.
“When searching for employment, stick to well-known job websites and the official career pages of reputable companies to minimize the risk of encountering scammers,” Van Pelt said.
Google Authenticator
Some cybercriminals will try to imitate actual products. Back in June, cybersecurity researchers from Malwarebytes said that scammers were targeting users searching for the Google Authenticator app.
The app requires the user to log in to secure services and provide two-factor authentication, but Malwarebytes discovered that hackers purchased ads to promote what looks like a legitimate link to the app.
However, in these false links, the person who clicks “download” ends up installing malware designed to ransack a device for personal data.
“The core issue with brand impersonation comes from ads that appear as if they were from official sources and advertisers’ identities verified by Google,” Jérôme Segura of Malwarebytes wrote in a blog post.
“We should note that Google Authenticator is a well-known and trusted multi-factor authentication tool, so there is some irony in potential victims getting compromised while trying to improve their security posture.”
Sports mental toughness questionnaire
Cybercriminals are also known to go after certain individuals and groups of people.
Researchers at Menlo Security were investigating a malware campaign called SolarMarker when they discovered that the extremely specific phrase “Sports Mental Toughness Questionnaire” was one that was compromised.
The search led to links to PDF files that are automatically downloaded to the computer and downloaded viruses hidden on the page.
“It [SEO poisoning] is often hard to spot but it will usually be used specifically for people using Google to search for documents and PDFs rather than websites,” Moore explained. “The dodgy links will be embedded in so they will automatically download without your knowledge.”
If something does download, Moore advises against clicking on the file. Rather, remove it and conduct a virus scan “for peace of mind.”
Online Viagra
Cybersecurity experts warn to be careful when searching for Viagra or similar products online so as to not fall victim to the “pharma hack.”
This hack involves scammers breaking into vulnerable WordPress websites and putting in links to fake pages advertising knock-off versions of branded pharmaceuticals.
“By doing this, people genuinely believe they are clicking on a legitimate website that sells legal pharmaceuticals,” researchers from SolidWP explained.
Once someone has been brought to the site, scammers can trick them into giving personal information and can even sell them fake pharmaceuticals, which could be detrimental to one’s health.