These are the 6 words you should not type if you don’t want your computer to get hacked
Cybercriminals are getting ever more sophisticated in how the target victims. Sophos, a cybersecurity firm, has issued a new warning for cat lovers.
When searching the internet its important to be sure that the link you are clicking on is a legitimate webpage. Cybercriminals are becoming ever more sophisticated not just with the tools at their disposal to get access to your personal data but also in how they trick victims into opening the door for them.
Sophos, a cybersecurity firm, is warning cat lovers to beware when searching for information online. Specifically, entering six words into your search engine and then “clicking on malicious adware or links disguised as legitimate marketing, or in this case a legitimate Google search.” This could result in your personal information, such as bank details, being stolen.
These are the 6 words you should not type on if you don’t want your computer to get hacked
Earlier this year, a new GootLoader variant was detected leading to a broad threat hunting campaign by Sophos X-Ops Managed Detection and Response (MDR). As is typically the case with a Gootloader, which is type of malware, it was found to be using search engine optimization (SEO) poisoning. This is a technique to put malicious websites high in the ranked results from web searches enticing unwitting victims to click on the link.
The exact six words in question are “Are Bengal Cats legal in Australia?” Those who have clicked on fraudulent links resulting from this specific search have reported having their personal information stolen.
Generally, the website will proport to have information that the person is looking for, typically contracts or other legal or financial documents. During the MDR investigation “the threat actor was using SEO poisoning through an easily accessed online forum found via a simple Google search.”
The user was searching for ‘Do you need a license to own a Bengal cat in Australia’ which resulted in a malicious URL coming up first on the search results list explained Sophos. After the user clicked on the link they downloaded a .zip file which began the first phase of the hack. In the case of the particular user described in the report, the third stage, full deployment of malware tools, was unsuccessful.
The cybersecurity firm advises that “users should still look out for search results and search advertisements that seem too good to be true on domains that are off the beaten path.”