Criminals are using SEO to boost downloads of malicious PDFs

A white padlock on a dark digital background.
(Image credit:

Cybercriminals are using popular Search Engine Optimization (SEO) methods to improve the rankings of their phishing sites, and it seems to be working rather well. 

According to a new report from security service edge provider, Netskope, phishing downloads of malicious PDF files rose 450% in the last 12 months, and SEO tools are partly to “blame”.

SEO is a practice in which the contents of specific websites are optimized in such a way that search engines are better able to index, and track them. If these websites check all the right boxes during indexing and tracking, they’ll appear higher on search results pages - an endeavor seen as the “holy grail” of digital marketing.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022end of this survey

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Phishing is not reserved for emails

Optimizing website content for search engines means doing a number of things, from ensuring the right content length, to having the proper keywords, enough inbound and outbound links, to tweaking metadata for all the multimedia content. Then, there are things like content-to-ad ratio, cumulative layout shift, and a myriad of other things. 

Those that “nail” it, get rewarded by having their websites appear higher on search results pages. 

Phishing is not a novel practice. It’s been around since the dawn of the internet, and its premise is simple - trick the victim into giving away sensitive information - be it passwords, or personally identifiable data, or into downloading viruses and malware. 

But phishing has almost always relied exclusively on email and social media channels. Victims would receive a seemingly innocent email or private message, from someone either posing as a well-known brand, their co-worker, or otherwise a person of interest.

That message would carry a link, or an attachment, which would compromise the victim’s endpoint in one way or another. 

Being a popular practice among crooks, most businesses have trained their staff to spot when they receive a phishing attack in their inbox. The training, however, usually doesn’t cover search engines.

“People know they should be wary of clicking on links in email, text messages, and in social media from people they don’t know. But search engines? This presents a much harder challenge.” said Ray Canzanese, director of Netskope’s Threat Labs. 

“How does the average user differentiate between a “benign” search engine result and a “malicious” search engine result? From an enterprise perspective, this underscores the importance of having a web filtering solution in place,” Canzanese said.

The best way to defend against SEO-optimized phishing attacks is to deploy a solution that decrypts and scans web traffic for malicious content, Canzanese concluded.

Via: VentureBeat

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.