Google has become the companion of our life in the Digital Journey that we ensue day-after-day. The word “Google” is at the tip of the tongue, even among intellects. We use the phrase “Please Google” or “Google Karo (Perform Google)”; for every query that is not answerable by us: be it shopping, a spelling, or to find a location, to catch-up on latest news, etc. The use of the ‘Search’ feature has not only revolutionised the ‘Google’s’ business approach, but has also, pushed back may of those search engines that flourished during the 80’s. Hackers and Phishing attack actors, have also understood the power of the tool, and have begun to use the ‘Search’ feature of Google for malicious actions.
Since the advent of the ‘Google Search’ feature, and its amalgamation with the ‘Chrome Browser’; users have found it convenient to not only search for any and every thing using the ‘Search’ but also typing an URL to populate on the browser after searching for the same from the ‘Google Search’ page. Many of us may claim to be Tech-Savvy and yet use the Google Search circumvent the inconvenience of remembering URLs. It is also observed that, may even have a false sense of confidence, and a belief that they will never fall a prey to scams on Search Services of Google.
If a consumer is looking for a ‘customer care number’, or looking for a bank web address; we immediately ‘Google’ and then we don’t know whether the number is correct or not but we still try to call the number or click on the first link that is populated on Google. As of today, any search on Google aren’t safe. Some of those results can deliver cookies, viruses, malware, and more; apart from directing you to an Cyber Attackers domain. It is also found that there are a good number of Google keywords that are pretty much owned by spammers/ hackers which are then used by them directed to an attacker ‘honey pot/net’. These attackers are looking to prey on new victims.
Users of Google Search, should be sensitive to the fact that, no search on ‘Google’ can be take in its face-value; whether it’s a viral YouTube video, or the most recent big news events, or a company name; hackers have created malicious sites to draw in victims, and it is obvious that it is easy to fall prey to these. It is to be also remembered that ‘One’s Deepest, Darkest Google Searches are being used against them, in the Cyber Domain’.
Let us look at five (5) such search on Google, whose results should not be believed in the first instance:
- Banking Universal Resource Locator (URL)
There are requirements in our routine life to Customer Care Number or Website Addresses, of Banks and other Financial Institution for certain specific purposes. Many of us seldom remember the URL of our Banks, Insurance Company, Payment Sites, etc. It is also an observed behaviour, that there are many users who type the complete URL on the Search window, rather than typing in the URL on the Browser window. The Search Populated Page on Google may also redirect ones click to a Phishing Website of with a Different URL which may be a Look Alike. Search results of ‘Payment Wallets’ also are even more dangerous; this can again lead to spurious web links. The advice here is to, obtain the number or email id or other details from Bank Official Documents (like Cheque books and passbooks or from ATM Cards), rather than from Google Search. In fact, Banks for this reason do not publish or do not have a Customer Care Number, and they encourage Chat Bots/ Web Feedback Form, as part of customer care for necessary interaction with customers. The Banks also arrange ‘Tele Call Back’, for those customers who want certain help. The Bank URLs should always be copied on a ‘Notepad’ and stored in the computer, and the practice of using the Google Search, to search a Bank Website or a Financial Institution/Payment Wallet Link should be avoided. As on date, more than 80 percent of these Financial Websites are found to have a fake replica or a Phishing Webpage, and this poses a major danger for consumers who may land-up on them, due to a Google Search.
- Government Direct Benefit Transfer (DBT) Schemes or Programs
The Cybercriminal Community is on the watch on the web. These Criminal are on the look-out, to home-on to Schemes by the government that is published routinely. They then find this as an attractive bait to hook-up victims to perform a targeted attack and to carry other malicious acts: the live example of this, is the Scheme in which the Government of India had provided the free administration of ‘COVID Vaccination’, many unscrupulous elements on the web, had created malicious websites and also published fake telephone numbers on the web, which were than populated on Search Pages (through paid services or by use of SCO). The Victim once in the net of the attacker, were than channelised to a cyber-attack or steal credentials or to pass on money.
- Customer Care/Service Numbers/Tech Support Numbers/Web Interface
Internet Users, more often hunt for common numbers like Customer Care, Technical Support, Service Number, Helpdesk Number, etc. Sometimes, these Numbers are required when we are generally at the middle of something. Here again, Scammers can easily create spoofed websites that look like the real thing, and also can populated number that may be spurious. The connect so established can then be used to pass payments or use tools to get unauthorised access to Mobile Phones or Devices that hold Apps and Credential based logins. As a rule, one should not Google customer service numbers. Remember, the top results that appears on the Google Search Result Page, can lead to fake phone numbers, where someone will ask you for personal information, including credit card numbers or entice you to install a spurious App. One may also encounter malicious link that will infect devices with malware. The advice here is to, obtain the number or email id of these Numbers from User Manual, Information Brochures or from the Official website of the company or institution. In-fact, good companies for this reason do not publish or do not have a Customer Care Number, and they encourage a Chat Bot/Feedback Form, as part of customer care, or they arrange a Tele Call Back.
- Apps:
The use of apps on devices (Tabs, Laptops, Desktops, Mobiles, etc) is a common affair these days. There are apps for any-thing and every-thing. These apps have also mushroomed beyond expectations, in the last two years. There is an app for everything, but not all apps are safe. When you download a program from a third-party app store, you open your device to potentially malicious software. Even if the app doesn’t negatively affect your phone or tablet, you could be feeding it personal information when creating an account. Make it a practice not to search for Apps in the Search Window of ‘Google Search’, as many of the famous Apps may have a malicious clone hosted on untrusted website. Also, it is advised to only download Apps Apple App Store, Windows App Store, Google Play Store, etc. While malicious apps sometimes make their way into official app stores, they have more robust vetting processes, so you have a fighting chance. (Do resort to verification of Hash of the installable App, by obtaining the Hash from the Official Owner.)
- Shopping Avenues and Coupon Code:
The Google Search has also facilitated users to home-on to Stores or eCommerce Websites for specific requirements and also avail Coupon Discounts from Websites. All this and more, has become a fad and is being used extensively by users on the Web. There have been instances where a product is found listed on an eCommerce website, with the price much lower than those offered on Amazon or Flipkart or Other Legitimate eCommerce Sites. Users are tempted to place the order on products that appear cheaper and even pass-on the money. The Coupon Codes that are available on the websites, may entail passing of ‘user details’, or through payment of one (1) Rupee or through parking a Credit Card details to the sponsored; these in many occasions have been found to be fake and inturn customers have only landed-up losing money. These are dangerous and should not be trusted. Such Search on Google may land the user on a spurious or phishing websites, and inturn, the Cybercriminal then take over from there.
Conclusion
In a recently report scam, the Telangana Cyber Crime Coordination Center issued a statement saying that the users should stop searching for the customer care number on Google. This was after a large number of incidents were reported in which a king-pin has established a call centre and he had purchased a toll-free number and advertised the same through ‘Google’, and had claimed to be providing all forms of tele-assistance for any banking related activities. Though the search is on, to home-on to the culprit and the scheme, there can be no end to the proliferation of such crime on the web