Cyber Analysis Group - CyberAGroup - OSINT Darkweb Investigations - Insider Threat - Crypto - Online threat & exposure - SOCMINT - Canadian
Many individuals consider Google to be their primary resource for finding information of all kinds. The phrase “Google it” has become a part of our everyday vocabulary.
Unfortunately, this dependence on Google is increasingly being exploited by scammers. Consider two recent examples. Yesterday, a neighbor contacted me after a concerning conversation with someone she believed to be Starlink support. She had experienced issues with her Starlink Internet service and searched for “Starlink support” using Google. The top search result displayed a page that appeared to be Starlink’s official website, including a support phone number. When she called, the representative quickly shifted from troubleshooting to aggressively attempting to sell her an extended warranty. Although he claimed that the $350 warranty would be offset by account credits, my neighbor recognized the warning signs, declined the offer, and hung up.
Last month I almost got got. I searched for the website of a bank that I use infrequently and clicked the first Google result. The site looked identical to my bank's legitimate website. After entering my password, I was immediately prompted to "verify" my backup security questions - they wanted my questions and answers. My bank already has those and shouldn't be asking me for both. I knew immediately it was a scam. Upon inspecting the web address more closely, I discovered that although the URL appeared correct, it contained a Cyrillic “a” instead of a standard Latin “a,” making the address indistinguishable to the naked eye. I immediately went to the legitimate bank website, updated my credentials, and reported the fraudulent site to the Domain Registrar, Google and the bank. The fake website was removed within six hours.
Although Google continues to introduce AI-driven protections and security updates aimed at blocking fraudulent sites and ads, scammers always adapt by employing new tactics such as paid advertisements and search engine optimization (SEO) tricks, as well as by exploiting occasional limitations in Google’s site-vetting processes.
How can this risk be mitigated? For critical sites, especially those that involve financial data, it is important to manually type the correct web address and bookmark it for future reference. Relying on search engines to direct you to these sites can be risky. Additionally, scammers tend to target larger search engines like Google and Bing due to their popularity. There are several alternative search engines, including Brave (https://search.brave.com), Kagi.com, Mojeek.com, and Yep.com, that use independent algorithms and indexes, emphasize privacy, and employ strong fraud prevention methods.
The best advice is to do what my neighbor did: pause if something feels suspicious - whether on a website or during a phone call. Do not engage further until you have verified the contact details or web address through multiple trusted sources. Listen to your Spidey voice!