By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Google's New AI Search Feature Unwittingly Promotes Malicious Sites

April 19, 2024
Google's latest innovation in search technology, the Search Generative Experience (SGE), has introduced AI-generated quick summaries and site recommendations to streamline user queries.

Google's latest innovation in search technology, the Search Generative Experience (SGE), has introduced AI-generated quick summaries and site recommendations to streamline user queries. However, recent observations by SEO consultant Lily Ray, backed by findings from BleepingComputer, have raised serious concerns. The SGE is inadvertently promoting websites involved in malware distribution and various online scams, including fake giveaways and tech support fraud.

The Unintended Consequences of AI-Enhanced Search Results

Earlier this month, Google began integrating SGE into its search mechanisms, aiming to enhance the user experience by providing concise AI-driven responses to queries. However, it soon became apparent that this feature might be suggesting sites that lead users into traps set by cybercriminals. The domains often share similarities such as the .online TLD, identical HTML templates, and a pattern of redirects, indicating their role in a coordinated SEO poisoning campaign designed to manipulate search engine results.

How Scammers Exploit SGE Recommendations

When users follow links recommended by SGE, they are often taken through a series of redirects, ending up on sites that deploy aggressive tactics such as fake captchas or misleading YouTube pages. These sites typically coax users into enabling browser notifications, which then serve as a conduit for delivering incessant spam directly to their desktops.

The Dangers of Browser Notification Spam

Once enabled, these notifications bombard users with misleading ads promoting tech support scams, counterfeit giveaways, and other dubious content. For instance, alerts claiming to be from McAfee may warn users of non-existent viruses, urging them to download software that is actually just a ploy to generate affiliate revenue for the fraudsters.

Complex Web of Deception and Financial Motives

Some of the scams further exploit user trust by promising high-value items like an Apple iPhone 15 Pro through fake Amazon loyalty programs. These schemes are particularly insidious as they harvest personal information for sale to other scammers or direct marketers, amplifying the victim's risk exposure.

SGE's Challenges and Google's Response

Google has acknowledged the issue, noting that while they continuously enhance their spam-fighting capabilities, spammers are also evolving their strategies. This ongoing "cat and mouse" game makes it difficult to completely safeguard SGE from being manipulated. Despite this, Google has taken steps to remove known malicious entries and continues to refine its systems to better detect and exclude harmful content.

Protecting Yourself from Malicious Search Results

As users navigate this new AI-enhanced search landscape, vigilance is essential. Users should be wary of unsolicited browser notifications and suspicious links, even if they appear in Google's search results. Here’s how you can manage unwanted notifications in Google Chrome:

  1. Open Chrome and go to Settings > Content > Notifications.
  2. Under "Allowed to send notifications," review the list of sites.
  3. Click the three dots next to any suspicious URLs and select 'Remove' to stop the notifications.

In light of these developments, Cybersecurity encourages users to exercise increased caution and to critically evaluate the credibility of websites and the legitimacy of online offers. As AI continues to reshape how we interact with digital content, staying informed about potential security threats and understanding how to mitigate them is crucial. By doing so, users can safeguard their digital experience against the evolving tactics of cybercriminals.

There are only 2 type of companies:
Those that have been hacked, and
those who don't yet know they have been hacked.
Protect Your Valuable Organization's IT Assets & Infrastructure NOW
Request a Demo
See how it works and be amaze.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Interested in becoming our partner?