Google Alerts notifications have become a mess of scams and malware
Threat actors are said to be using the service to promote their cloaked pages
If reports are to be believed, there has been a recent uptick in the number of online scams propagated through Google Alerts.
According to anecdotal evidence laid out by Bleeping Computer, the content notification service is increasingly being abused by malicious users to distribute malware.
The publication asserts the service has now been overrun by malicious users and backed up its claims by gesturing to a recent Google Alerts report made up almost exclusively of malicious links.
We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.
- We’ve rounded up the best ransomware protection tools
- These are some of the best endpoint protection software
- Check our list of the best firewall apps and services
Malicious alerts
More worryingly, BleepingComputer further claims that configuring the service to display only the best results won’t prevent the scam results from sneaking into alerts.
When clicked, most malicious URLs are said to redirect users to a website that contains links to fake apps and browser extensions riddled with malware or trick users with giveaways and sweepstake scams.
The links manage to make their way into Google Alerts through a notorious search engine optimization (SEO) technique known as cloaking. In simple terms, the technique works by displaying legitimate content search engine spiders, while showing something else to visitors.
BleepingComputer illustrates this by opening up one of the malicious pages delivered via Google Alerts. When opened directly, the page displays lots of text loaded with keywords to help it makes its way into alerts.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
However, when the URL to the page is clicked via Google Alert, it’ll redirect users to a malicious website.
Google did not respond immediately to our request for comment.
- Here’s our list of the best disaster recovery services
Via BleepingComputer
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.