You can never be too careful when clicking on links while on the Internet, and now scammers are trying to get you to click on what appear to be 2018 midterm election-related links.
Bleepingcomputer.com has reported on what they call an “SEO poisoning campaign” to encourage people to click on keywords associated with the midterm elections, terms such as “midterm 2018 election predictions” or “midterm election 2018 polls.” But when they click on the links, they’re redirected to sites that have nothing to do with the election. Instead, these sites are scams, adult sites, and pop-up windows that try to get you to download software onto your computer.
SEO poisoning is when attackers create malicious sites or hack legitimate ones in order to generate pages that promote certain keywords. These pages are then linked together between a large amount of sites under the attacker’s control to get high rankings in search engine results for the promoted keywords. As an example, you may search 2018 polling results, and find one of these illegitimate sites appear near the top of a Google search, but if you click on it, you will be taken to a rogue site.
SEO stands for search engine optimization, which causes sites to appear at the top of the Google search page. There are different ways to promote these illegitimate sites that include adding keywords and the use of hidden text.
The visitors to these sites are then typically shown scam advertisements or are redirected to other sites pushing unwanted software or infecting users via exploit kits.
The popup windows or pages you’re directed to often include official-looking messages asking you to upgrade your Java software, your PDF reader, or other utilities you might normally use. Often they will claim it’s to protect your computer or it’s a security upgrade. But instead of receiving legitimate updates from the software companies, you could be installing software that’s spyware or software that will infect your computer with a virus.
The attackers have hacked more than 10,000 websites that use WordPress software as part of their scam and use these sites to entice you to click It’s not always obvious when you look at the link, because the site may look legitimate.
As we are heading into the U.S. midterm elections, the attackers are leveraging U.S. political keywords in order to entice users to visit these sites. Other phrases include “latest midterm polls,” “new polling information”, and many variants along the same line.
You can spot these dangerous pages by examining the URL link. This structure is [domain]/[random-folder]/[random].php?[random_variable]=.
Instead of being directed to midterm election 2018 polling results, you’ll be sent to a variety of redirects to reach one of the dangerous pages. Long, complicate links such as the one above are a warning sign.