Just because it's "Top 10," doesn't mean it's actually any good.
Where a website ranks in a search page matters a lot: About a quarter of all searchers click on the first link and very few click through to page 2. Search engines even capitalize on this fact by selling ad space that sits at the top of search results, usually marked with the word “Ad,” before serving up organic results.
While the major search engines don’t share their exact criteria, there are entire industries built around trying to figure them out — and then game them. Because most consumers think that the best rises to the top when it comes to online search (and, to some degree, that’s true), skilled scammers can take advantage of the system. They utilize search engine optimization — or SEO — to either push subpar products up the rankings or to serve up straight up scams.
Here are some tips on how to spot a scammy search result.
The Avast Threat Intelligence Team did a deep dive on how scammers were gaming search engine results to deliver malicious links that either steal financial information or get a searcher to download malware. One of the top ways to identify a scam like this is if a deal just looks too good to be true. Do you really think people are giving away iPhones? Or all expenses paid trips? Or anything else that feels very, very tempting — and very unlikely?
Another example of a “too good to be true” scam is when a company offers a significantly lower quote than everyone else in their industry. That’s what Avast user Kari illustrated in her story about getting scammed out of nearly $10k by a moving company. The initial quote for her mid-pandemic cross-country move was tempting — but she paid for it in a major way in the end.
Another sign that the Threat Intelligence Team pointed out was a very simplistic looking site. Search engines try to prioritize quality content with their algorithms, so if it looks like it was thrown together from a crappy template? It probably was.
It also probably has a bunch of SEO stuff in the backend which isn’t visible to the every day user, but that the scammer packed in so that it would rank higher than it would otherwise. (If you want a technical look behind the scenes, check out the full Threat Intelligence Team report on how scammers optimize SEO to lure victims.)
Always take a look at the web address (URL) before you click on it. If it seems off — like maybe the name seems odd or it has a weird ending, for example — then don’t click on it. A lot of scams sites are don’t use .com URLs because they know they’re going to be taken down relatively quickly and .coms are more expensive than other URL endings. So be wary of anything that looks cobbled together, with a weird tail.
Scammers also love to game review sites because they know that humans trust other humans more than we trust devices. These scams — like the moving scam Kari encountered — tend to be more about getting you to hire a scammy company, not about stealing your financial information or getting malware onto your computer.
A great way to identify a review scam is to really read through all of them, not just the first page. Look for things like similar language, a bunch of positive reviews at once (especially if there’s a batch of negative ones further back), names that don’t match the demographics of the area, and companies in the same area with almost the same name. (If they’re scammers, they know how to change their name when needed.)
Unfortunately you can still get scammed by search engine scammers even if you know what to look out for. But don’t feel ashamed about it: Remember, it’s these people’s job to scam you. They’re often very good at what they do and their methods are changing all the time as people catch on. To further protect yourself from search engine scams, you can install antivirus software that will filter out malicious sites.
And remember: It always pays to dig deeper than the first listing. It’s easy to let the search engines do the work for us, but staying clear of scams requires a little more to protect ourselves and our loved ones.
Avast security experts have detected scammers pretending to be Ukrainian nationals affected by the current conflict asking for Bitcoin on social media.
An online scammer pretending to offer the new Checkra1n tool for jailbreaking iPhones is actually sending users to a malicious site for click fraud.