Whenever a celebrity scandal breaks, like Kristen Stewart's cheating on boyfriend Robert Pattinson, entertainment journalists aren't the only ones scrambling to get the story online -- so are hackers.
For the past 10 years, it's been a common tactic among hackers and online scammers to use celebrity news and other big news events or controversies (like Osama bin Laden's death or Obama's birth certificate) to trick people into clicking on infected websites.
How do they do it? By doing something called "SEO poisoning" -- also referred to as "blackhat SEO" -- and it's a concept that everyone should become familiar with because, chances are, at some point it's going to happen to you.
Here's how SEO poisoning works:
- Infect a legitimate website: Every website has a lot of working parts, and if any of them are even the slightest bit insecure or not fully updated (which a surprising number of big companies and news organizations let happen), hackers can get in and set a trap for readers. The most common tactics they use here include XSS (cross-site scripting), drive-by-downloads and iFrame attacks. I previously explained those first two attacks here, but in a nutshell: XSS is when a hacker sneaks in a malicious script on a legitimate website that waits for someone to visit the page and then launches an attack against her computer -- typically, the goal is to steal passwords stored in her browser cache. A drive-by-download attack often takes the form of a popup ad (e.g., anti-virus warning) that won't go away unless the person clicks to cancel it. But clicking anywhere on the ad, even if it is to "cancel" or "X" the window, triggers an attack against the person's computer. Another clever trick is the iFrame attack, in which the hacker places an invisible screen over a website that will redirect you from the page you're trying to view to another website -- often a scammy Viagra or anti-virus ad.
- Game the system: Sometimes, it's just easier to do it yourself and create a fake website. The most popular, and original, form of blackhat SEO, is to manipulate search engines to make a scammer's links appear higher in the search results than legitimate websites. Google and Microsoft's Bing search engine are aware of this tactic -- and they've tried to engineer protections into the search systems that prevent this -- but blackhat SEOers still manage to game the system, albeit for a shorter period of time than they used to. That's why the most dangerous time to search for "Kristen Stewart cheating" is right after the news breaks -- it takes a little bit of time for the search engines to root out the scammers' links.
- Pile up on Google Images: Did you know that image search results are usually more dangerous than Web search results? It's easier to get a higher ranking in image search pages, which means the above two threats can proliferate here. You have to be careful about what you click on when hunting for pics. For example, if you searched for "Kristen Stewart cheating" in Google Images on the morning of August 10, you would have noticed that among the photo pages of established news outlets like Us Weekly, NY Daily News and E! Online, there were a number of lesser-known sites -- like Yeeeah.com, TheBerry.com, etc. According to URLVoid.com, a service that checks website addresses for safety problems, both Yeeeah and TheBerry have or had potential safety issues which the average person wouldn't know on first look. To be fair, this doesn't mean the pages are illegitimate; it just suggests the websites may or may not be as secure as others, as these services sometimes trigger on a false positive. As an example, ABC 7 News in Washington, D.C., also appears in the Images search, and comes up under URLVoid has having a potential safety issue.
SEO poisoning attacks aren't the only way hackers can target you on breaking news stories, though. Instead of waiting for you to search the latest Kristen Stewart gossip, hackers can make the news find you via social network scams. In the last year, two popular Kristen Stewart scams have targeted Facebook users. One, in April 2011, pretended to link to a game promoting the then-upcoming movie Twilight: Breaking Dawn. Earlier this summer, another scam enticed victims to click on a video called "Kristen Stewart was taped drunk and having s#x" so it could clickjack them.
Here are a few ways to protect yourself from celebrity gossip scams:
- Update your computer's operating system, Web browser and anti-virus: In most cases, this will protect you against common scams.
- Change your browser's security setting: Whether it's Chrome, Internet Explorer, Safari or Firefox, every browser allows you to raise the security setting to guard against malicious websites. The safest setting of all is "no scripting," which blocks against XSS and other attacks, but it will also diminish your Web surfing experience.
- Check the URL: Before clicking on a picture found in a Google Images search, check the accompanying URL in URLVoid.com to see if it's had any reported safety issues.
- Don't be a Facebook sucker: Do you really think a celebrity sex video making the rounds in Facebook spam is legitimate? Don't be gullible on Facebook. If the post looks spammy or a message from a friend doesn't sound like them and wants to send you to a tiny URL link, don't click on it.
- Use a URL Expander: That brings us to the next point -- tiny URLs. Never, ever click on a tiny URL unless you know where it's taking you. Just go to LongURL.com, URLXray.com or WhereDoesThisLinkGo.com to quickly and easily find the real Web address concealed by the shortened link.
- Be skeptical!: Don't just click on any image or news link that pops up in Google Search. Look at the Web address first. Does it look familiar to you? Does anything strike you as suspicious? Obvious clues are that you've never heard of the website, it uses a lot of extensions in the URL which try to make it seem real (fake example: nytimes.kristenstewart.naked.com), or it has a misspelled word or just a random serious of letters in the Web address. Learn to trust your gut.
- Educate yourself: The folks at the Sophos anti-virus company do a great job of tracking the latest online scams, including many celebrity gossip scams, which they report daily at their NakedSecurity blog. By reading this blog, you can educate yourself about current scams.
Follow Michael Gregg on Twitter: www.twitter.com/TheSolutionFirm