

Phishing Using SEO to Rank Harmful PDFs on Search Engines


Have you heard? Hackers are phishing using SEO to rank harmful PDFs on search engines... putting you and your team at heightened risk of being phished.

Here's what you should know:

Phishing Using SEO: When Did it Start, and What Does it Mean?

A Proofpoint study reported that, by 2021, 83% of organizations would become victims of at least one successful email-based phishing attack.

The study went on to state that cybercriminals would lure unsuspecting victims into clicking on a malicious link, downloading malware, parting with sensitive login credentials, or making a wire transfer. Since then, cyberattackers have evolved and now use SEO methods to run phishing attacks via Google and Bing in a way that some cybersecurity firms hadn't predicted.

This is just one component of the rapid acceleration of sophisticated cyberattacks worldwide. In 2023 alone, the cybersecurity statistics reflect that:

  • There are 75x more phishing sites than malware sites in 2023

  • Phishing is the #1 complaint for both individuals and businesses

  • Social engineering attacks are taking around 270 days to identify and contain

  • 82% of data breaches contain a human element

  • 90% of social engineering attacks target employees vs. technology

  • CEOs are targeted 57x per year on average by social engineering-related threats

How SEO Helps Cybercriminals Steal Information

Search Engine Optimization (SEO) is the practice of tuning web pages for the ranking algorithms that search engines use to put the most relevant and popular pages first in the search engine results page (SERP). SEO is the reason the most appropriate websites get the highest traffic.

Black hat SEO, on the other hand, is SEO's lesser-known evil sibling. It is a typical cybercriminal tactic that works around ranking algorithms, exploits flaws, and produces spurious links. The technique aims to direct unsuspecting visitors to malware-laden webpages and other malicious webpages.

By phishing using SEO, these threat actors capitalize on the popularity of well-known websites. Some websites, for example, allow visitors to leave comments or submit files to their pages. Hackers post a link to their malware or a virus-infected file on a prominent website. The bait is for those likely to click on the link with the false sense of security that the popular website will have a strong security perimeter. 

Last year's infamous cyberattacks against the UNESCO and Cuban governments are two examples. A user going by the handle 'm1gh7yh4ck3r' posted PDF files claiming to be able to break into online accounts. When consumers clicked on the links, they were taken to many fake websites, urging them to download files in exchange for the program. 

Another way attackers drive SEO-based phishing attacks is through payload delivery for malware, which taps into the Gootkit Remote Access Trojan. For example, hackers create web pages using a JavaScript-based infection framework to rank pages highly in the SERP. Unsuspecting users access these pages and type their queries only to be taken to pages loaded with malicious links to .zip archive files. These .zip files often contain a .js file, which, when executed, decrypts code and brings in additional malware.
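A download-triage check for the archive pattern described above, as an added example that is not code from the original article: it lists script members inside a ZIP without extracting or running anything. The extension lists beyond `.js` generalize what the article names, and the sample archive and its file names are constructed.

```python
import io
import zipfile
from pathlib import PurePosixPath

# ".js" is the extension the article names; the other Windows Script Host
# extensions are an added generalization (assumption of this example).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}
# Document extensions often placed before the real one to disguise a script.
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}

def triage_zip(data):
    """Inspect a downloaded archive (raw bytes) and return findings."""
    result = {"is_zip": False, "script_members": [],
              "double_ext": [], "encrypted": []}
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):      # not an archive: nothing to list
        return result
    result["is_zip"] = True
    with zipfile.ZipFile(buf) as zf:
        for info in zf.infolist():       # reads the directory, extracts nothing
            if info.is_dir():
                continue
            name = PurePosixPath(info.filename.replace("\\", "/"))
            suffixes = [s.lower() for s in name.suffixes]
            if suffixes and suffixes[-1] in SCRIPT_EXTS:
                result["script_members"].append(info.filename)
                # e.g. "contract.pdf.js" shows as "contract.pdf" when
                # Windows hides known file extensions
                if len(suffixes) > 1 and suffixes[-2] in DOC_EXTS:
                    result["double_ext"].append(info.filename)
            if info.flag_bits & 0x1:     # bit 0 = member is password-protected
                result["encrypted"].append(info.filename)
    return result

def build_sample_zip():
    """Constructed sample: inert text members whose names mimic the lure."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("readme.txt", "constructed sample")
        zf.writestr("docs/Lease_Agreement_Template.PDF.JS", "// inert placeholder")
    return out.getvalue()

if __name__ == "__main__":
    print(triage_zip(build_sample_zip()))
```

A non-empty `script_members` list on an archive fetched from a search result is a reason to quarantine the file and hand it to the security team rather than open it.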

How to Protect You and Your Organization Against Phishing Using SEO

The rise in SEO-driven phishing attacks highlights the importance of employee security awareness training. With traditional security measures such as secure email gateways repeatedly failing to sufficiently address phishing attacks, security teams must wield a variety of tactics to protect employees from such attacks. 

One of the most successful methods is to use a system that can decrypt and monitor online traffic for harmful content. Security teams should also urge users to scrutinize all links before clicking them and proceed with caution if the link leads to an unfamiliar website. When an employee opens a malicious PDF, they will see a fake captcha on the first page, followed by text on subsequent pages. 

In such cases, users should shut the file, delete it from the device, and alert the security staff. Users need to report harmful URLs on prominent search engines so that the provider can remove them and protect others from falling prey to scams. 
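The advice above to scrutinize links and be cautious with unfamiliar websites can be applied to a suspicious PDF before anyone opens it. The following is an added example, not code from the original article: it pulls link targets out of a PDF's raw bytes and flags hosts that are not on a known-hosts list. `KNOWN_HOSTS`, the sample PDF fragment and its URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts the organization already trusts (constructed values for this example).
KNOWN_HOSTS = {"intranet.example.com", "www.example.com"}

# Link actions store the target as "/URI (literal)" or "/URI <hex>".
URI_LITERAL = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
URI_HEX = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]+)>")

def extract_link_targets(pdf):
    """Return URI targets found in uncompressed objects of a PDF (bytes).

    Limitation: annotations inside compressed object streams are not seen;
    decompress the file with a PDF tool first if this returns nothing.
    """
    targets = []
    for m in URI_LITERAL.finditer(pdf):
        raw = re.sub(rb"\\([()\\])", rb"\1", m.group(1))  # unescape \( \) \\
        targets.append(raw.decode("latin-1"))
    for m in URI_HEX.finditer(pdf):
        digits = re.sub(rb"\s", b"", m.group(1)).decode("ascii")
        if len(digits) % 2:          # PDF pads an odd-length hex string with 0
            digits += "0"
        targets.append(bytes.fromhex(digits).decode("latin-1"))
    return targets

def unfamiliar_links(pdf, known_hosts=KNOWN_HOSTS):
    """Return link targets whose host is not on the known-hosts list."""
    flagged = []
    for target in extract_link_targets(pdf):
        try:
            host = (urlsplit(target).hostname or "").lower()
        except ValueError:           # malformed URL: treat as unfamiliar
            host = ""
        if host not in known_hosts:
            flagged.append(target)
    return flagged

def build_sample_pdf():
    """Constructed sample: three link annotations, not a real lure."""
    hex_uri = b"https://download.invalid/f".hex().encode("ascii")
    link = b"%d 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI %s >> >> endobj\n"
    return (b"%PDF-1.4\n"
            + link % (1, b"(https://captcha-check.invalid/go?id=1)")
            + link % (2, b"(https://www.example.com/help)")
            + link % (3, b"<" + hex_uri + b">"))

if __name__ == "__main__":
    print(unfamiliar_links(build_sample_pdf()))
```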


In today's world, phishing attacks are one of the biggest threats to an organization's processes, reputation, and financial well-being. Phishers frequently use human vulnerabilities coupled with technological advantages (i.e., technical vulnerabilities) to reach their goal.

Although educating staff may be one of the most effective defences against phishing, the sophistication of attacks and new social engineering methods can make identifying and eliminating the threat challenging.

Consider a thorough penetration test for your organization's systems and networks to identify and eliminate vulnerabilities before malicious actors can exploit them. Claim your free, zero-obligation quote today.
