How Election-Season Searches Can Become A Security Threat

Guest author Tomer Teller is a security evangelist at Check Point Software Technologies.

On November 6, the United States will complete the most digital Presidential election in our history. In the run-up to the big day, millions of Americans are flocking to the Web to inform their voting and follow campaign trails. With all the excitement, though, comes a sinister reality: Voter, candidate and campaign-related search terms can turn Web citizens into identity-theft targets and their computers into malicious bots.

New SEO Tricks

Today's cyber-criminals are no longer just reliant on spam. Instead, they use a technique as common among legitimate companies as it is in the world of cyber-crime – search engine optimization, or SEO. For years, attackers have taken advantage of popular news events to entice victims to visit malicious sites. But today's black hat SEO schemes have added some new moves to their bag of tricks.

One new trick surfaced in scams taking advantage of interest in the summer Olympics and is now being employed in the lead-up to the November elections.

Attackers looking to beat efforts by search engines and others to determine the reputation of a website by its age have taken to purchasing existing domains that are about to expire. Typically, the scammers change the content of the page only days before the start of the event they are planning to hijack. Scammers may also purchase dropped domains to bolster their own network by using them to link to their own sites, once again improving their search engine rankings.

The attackers do not need their websites to persist for long; in fact, they do not expect them to. Having their site rank high in search engine results for a day or so can be more than long enough for them to compromise enough machines to make money. 

If the goal is to get users to click on a search result, common sense would indicate that the most popular news item of the day would be the juiciest piece of low-hanging fruit. Right now, that's the Presidential election.

The Bad Guys Now Leverage Niches

But today's scammers are also increasingly moving toward leveraging niche news items and people. The idea is that less-popular subjects will have fewer legitimate search results to compete with, increasing the chances Web users will click on a malicious link. Regional ballot issues, local campaign news or write-in candidates are becoming prime targets.

Part of the key to successful search engine optimization is utilizing backlinks. Backlinks are used by search engines to help determine the popularity of a particular site. The more links to a webpage, the higher that page's page rank.

Scammers exploit this system in several ways. One is to build a profile on a high-traffic site like LiveJournal or SoundCloud and then add a link to the profile signature. Another is to sponsor a WordPress theme. This allows an attacker to add a link to his site in the theme's template, thereby automatically linking any site where the theme is installed back to the malicious website.

Then there's keyword stuffing, filling webpage content or meta tags with keywords. Google warns that loading pages with irrelevant keywords can hurt a site's ranking, but attackers often try to circumvent this through "cloaking," where the Web server presents different content to search engine crawlers than it does to users.
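A defender can spot cloaking by comparing the page a site serves to a crawler with the page it serves to an ordinary browser. The sketch below is an added example, not part of the original article: the function names, the 0.3 threshold and both sample pages are assumptions constructed for illustration, and it scores two already-fetched responses by how many words they share.

```python
import re
from html.parser import HTMLParser

class _Text(HTMLParser):
    """Collect visible words plus meta keywords/description; skip script/style."""
    def __init__(self):
        super().__init__()
        self.tokens, self._skip = set(), 0

    def _add(self, text):
        self.tokens.update(re.findall(r"[a-z0-9]+", text.lower()))

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "meta":
            a = dict(attrs)
            if (a.get("name") or "").lower() in ("keywords", "description"):
                self._add(a.get("content") or "")

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self._add(data)

def page_tokens(html):
    parser = _Text()
    parser.feed(html)
    parser.close()
    return parser.tokens

def similarity(crawler_html, browser_html):
    """Jaccard similarity of the word sets of the two responses (0.0 to 1.0)."""
    a, b = page_tokens(crawler_html), page_tokens(browser_html)
    return len(a & b) / len(a | b) if a | b else 1.0

def looks_cloaked(crawler_html, browser_html, threshold=0.3):
    # threshold is an assumed cut-off; tune it against known-good pages
    return similarity(crawler_html, browser_html) < threshold

# Constructed sample responses: what a crawler sees vs. what a visitor sees.
CRAWLER_VIEW = ('<html><head><meta name="keywords" content="election results, '
                'ballot measure, polling place"></head><body><h1>Local ballot measure '
                'results</h1><p>Find your polling place and election results.</p></body></html>')
BROWSER_VIEW = ('<html><body><script>var x=1;</script><h1>Your computer is infected</h1>'
                '<p>Download the scanner now.</p></body></html>')
SAME_VIEW = CRAWLER_VIEW.replace("Find", "Look up")  # honest site, minor wording change
```

In practice the two inputs would be the same URL requested once with a search-crawler User-Agent and once with a browser User-Agent; a low score is a reason to look closer, not proof on its own, since legitimate sites also personalise content.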

Tried And True Bad Behavior

Of course, when it comes to SEO, anything that works never goes out of style. Traditional methods such as simply inserting links on user forums and in the comment section of various websites are still commonplace. Scammers also continue to make use of doorway pages, or "throwaway pages," which are designed to draw search engine users to another website.

Search engines like Google are doing their part to discourage abuses - threatening to remove sites that use throwaway pages from the search listings, for example. But responsibility for computer security ultimately lies with the user.

Be wary of search engine results whose URLs have names that seem strange or out of place. Various security companies offer safety ratings of URLs. And you always need at least a two-way firewall and antivirus software on your computer.

As always, the key to avoiding threats - even election-related ones - is to stay informed and stay alert.