
Hackers are using SEO to rank malicious PDFs on search engines, research finds



Today, researchers at security service edge provider Netskope published the Netskope Cloud and Threat Report: Global Cloud and Malware Trends, which found that phishing downloads rose 450% over the past 12 months and highlighted that attackers are using search engine optimization (SEO) to rank malicious PDF files on search engines.

The report’s findings show that phishing attempts are constantly evolving, and attackers aren’t just targeting employees through their email inboxes; they’re also using popular search engines like Google and Bing.

The increase in phishing attacks and the growing popularity of SEO techniques among cybercriminals highlight the need for enterprises to provide their employees with security awareness training so they’re prepared to spot threats and not at risk of handing over sensitive information.

Phishing: a nuisance that won’t go away 

The report comes as security teams have consistently failed to address the challenge of phishing attempts with traditional security tools such as secure email gateways. 


Research shows that in 2021, 83% of organizations experienced an email-based phishing attack where they were tricked into clicking on a bad link, downloading malware, providing login credentials, or completing a wire transfer. 

Now with hackers turning to SEO techniques, the number of successful phishing attacks has increased and has the potential to rise further, as attackers have a new medium where they can manipulate employees into handing over sensitive information outside the protection of other security controls.

“People know they should be wary of clicking on links in email, text messages, and in social media from people they don’t know. But search engines? This presents a much harder challenge,” said Ray Canzanese, director of Netskope’s Threat Labs.

“How does the average user differentiate between a ‘benign’ search engine result and a ‘malicious’ search engine result? From an enterprise perspective, this underscores the importance of having a web filtering solution in place,” Canzanese said.

How to spot malicious PDF files

When it comes to defending against these SEO-driven attacks, Canzanese highlights several methods that security teams can use to protect employees. One of the most effective is to use a solution that can decrypt and scan web traffic for malicious content. 

At the same time, security teams should encourage users to inspect all links they click on, and to exercise caution if the link takes them to an unfamiliar website. 

In the event an employee does click on a malicious PDF, they can expect to see a fake captcha at the top of the first page, followed by text on other pages. In these scenarios, users should close the file, delete it from the device and report it to the security team ASAP. 

Canzanese also notes that it’s important for users to report malicious URLs that feature on popular search engines to help the provider unlist them from the site and prevent other users from falling victim to a scam.
