

Hackers are phishing using SEO to rank harmful PDFs on search engines


A study by Proofpoint said that by 2021, 83 percent of organizations would become victims of an email-based phishing attack. The study said cybercriminals would lure unsuspecting victims into clicking on a malicious link, downloading malware, parting with sensitive login credentials, or making a wire transfer. Since then, cyber attackers have evolved and now include SEO methods in their phishing attacks. Attackers now target employees through search engines like Google and Bing to entice them into surrendering vital information. The study had predicted phishing attacks would evolve, and SEO phishing techniques are a testament to it.

How does SEO help cybercriminals steal information? 

Search Engine Optimization (SEO) uses algorithms to ensure that the most relevant and popular web pages appear first in the search engine results page (SERP). SEO is the reason the most appropriate websites get the highest traffic. Black hat SEO, on the other hand, is its lesser-known evil sibling: a typical cybercriminal tactic that works around algorithms, exploits flaws, and produces spurious links. The technique aims to direct unsuspecting visitors to malware-laden and other malicious webpages.

One way they do this is by capitalizing on the popularity of well-known websites. Some websites, for example, allow visitors to leave comments or submit files to their pages. Hackers post a link to their malware or a virus-infected file on a prominent website. The bait targets those who click the link under the false sense of security that a popular website will have a strong security perimeter.

The recent cyberattacks against the UNESCO and Cuban governments are two examples. A user going by the handle 'm1gh7yh4ck3r' posted PDF files claiming to be able to break into online accounts. When consumers clicked on the links, they were taken to a slew of fake websites, urging them to download files in exchange for the program. 

Another way attackers drive SEO-based phishing attacks is through malware payload delivery, which taps into the Gootkit Remote Access Trojan. For example, hackers create web pages using a JavaScript-based infection framework to rank pages highly in the SERP. Unsuspecting users access these pages and type their queries, only to be taken to pages loaded with malicious links to .zip archive files. These .zip files often contain a .js file, which, when executed, decrypts code and brings in additional malware.
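A download scanner can flag the delivery pattern described above, a .zip archive whose payload is a .js file, before anyone opens it. The following Python sketch is an added example, not code from the article or from any vendor. The function names, sample file names and verdict labels are assumptions, and the extension list goes beyond the .js case the article names to cover other Windows Script Host types.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: extensions Windows Script Host runs on double-click.
# The article names only .js; the others are added here.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}


def triage_zip(data: bytes) -> dict:
    """Classify a downloaded archive by the script files it carries."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return {"verdict": "not-a-zip", "scripts": [], "encrypted": False}
    with archive:
        files = [i for i in archive.infolist() if not i.is_dir()]
    # Lower-casing catches double extensions such as "Setup.PDF.JS".
    scripts = [i.filename for i in files
               if PurePosixPath(i.filename.lower()).suffix in SCRIPT_EXTS]
    # Bit 0 of the general-purpose flags marks a password-protected member,
    # which content scanners cannot inspect.
    encrypted = any(i.flag_bits & 0x1 for i in files)
    if scripts and len(scripts) == len(files):
        verdict = "block"    # the archive exists only to deliver a script
    elif scripts or encrypted:
        verdict = "review"   # script mixed with other files, or opaque
    else:
        verdict = "allow"
    return {"verdict": verdict, "scripts": scripts, "encrypted": encrypted}


def build_zip(members: dict) -> bytes:
    """Build an in-memory archive from {name: bytes} (constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples: harmless placeholder contents, invented file names.
LURE = build_zip({"free_invoice_template.js": b"// placeholder"})
MIXED = build_zip({"docs/readme.txt": b"hi", "docs/Setup.PDF.JS": b"//"})
CLEAN = build_zip({"report.pdf": b"%PDF placeholder", "notes.txt": b"text"})

if __name__ == "__main__":
    for label, blob in [("lure", LURE), ("mixed", MIXED), ("clean", CLEAN)]:
        print(label, triage_zip(blob))
```

A "block" verdict here means every file in the archive is a script, which matches the single-.js archives described above; "review" leaves mixed or password-protected archives for an analyst.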

How to protect yourself from SEO-driven phishing attacks?

The rise in SEO-driven phishing attacks highlights the importance of employee security awareness training. According to a report, traditional security measures such as secure email gateways have repeatedly failed to address phishing attacks. Security teams can use a variety of tactics to protect employees from such attacks. 

One of the most successful methods is to use a system that can decrypt and monitor online traffic for harmful content. Security teams should also urge users to scrutinize all links before clicking them and proceed with caution if the link leads to an unfamiliar website. When an employee opens a malicious PDF, they will see a fake captcha on the first page, followed by text on subsequent pages. 

In such cases, users should shut the file, delete it from the device, and alert the security staff. Users need to report harmful URLs on prominent search engines so that the provider can remove them and protect others from falling prey to scams. 


In today's world, phishing attacks are one of the biggest threats. Phishers frequently use human vulnerabilities coupled with technological advantages (i.e., technical vulnerabilities) to reach their goal.

Although educating staff may be one of the most effective defences against phishing, the sophistication of attacks and new social engineering methods can make identifying and eliminating the threat challenging.

Consider a thorough penetration test for your organization's systems and networks to identify and eliminate vulnerabilities before malicious actors have a chance to exploit them. Contact the Packetlabs team today for a free, no-obligation quote!