For better customization and personalization of accounts, Google launched the Google Alerts service feature to provide email or RSS (Really Simple Syndication) feed to its users on the latest and hottest news about a specific keyword or topic of user’s interest that tops or adds on the Google search index.
As an easy to use feature, recent circulating news in the cyber world confirmed that adversaries can exploit these alert services. Based on the compromised alerts’ observed behaviour, the spam pages are created containing keywords that currently tops the latest survey of searched topic in Google (Topics: Current Events, Technology, and Security Breakthrough, Celebrities, etc.). These spam pages also now include fake promotion advertisements from established companies or redirecting URLs that adversaries control and use as the initial stage of an in-depth attack that mostly contains malware or spyware. Furthermore, adversaries also find ways to boost the fake pages they created to be on top of the Google indexing services. In this way, the spam pages will ever be presented as the primary source of the users’ alerts.
The latest campaign that abuse Google Alerts confirms that they lure victims to install Adobe Flash Player upon clicking the received alert.
With its sophisticated embedded malicious coding, the scam alert can be opened on Chrome and Firefox – popular web browsers. As the said application is a well-known program that is adequately needed to open dynamic pages on the internet, victims became unsuspicious, resulting in installing the update. Most users do not know that the application has already been discontinued by the developer since the start of 2021. With many people not aware of this update, they become the willing victim of this scheming instead of downloading an update, they are allowing malware or spyware to be installed on their devices.
To avoid being scammed via Google Alerts, few pointers have been disseminated, including proper customization of the alerts to select ‘Only the best results’ to send them. This will adequately filter the alerts delivered to the user to only include licit websites and avoid blogs that are usually used by adversaries to create spam pages.
However, this will not suffice to battle against this new and upcoming malicious campaign. Installation of security applications to scan malware and spyware though highly advisable, as well as proper awareness of the latest scheming and vigilance is still the best practice that everyone should do to avoid fraud. More importantly, scrutinizing everything received from the internet is a MUST as rampant fraud schemes are being delivered to bait intended victims at this time. We must ensure that to only entertain emails or messages from a known and trusted sender. If in doubt, call them personally to authenticate the legitimacy of the offer or information sent to you. Doing this can add more security and protect us from being a victim of malicious activity that is currently skyrocketed at current time.