In the past few years I learned to trust Google’s first page results better than my
girlfriend (update following this post: ex-girlfriend). In many ways, it saved me from memorizing URLs of services that I commonly use (or even book-marking them): I would type my bank’s name in Google’s search box and would click on the first result to go directly to its login page.
Not any more.
I was looking to download PowerPoint 2007 viewer. I typed “download powerpoint 2007 viewer” into the Google search box, and got some very interesting results:
I clicked on the first link as I am used to (it’s not the first time I download that viewer), without noticing that it isn’t the Microsoft download page, but a URL called thesource.offallevil.com. I reached a landing page that looks exactly like the expected Microsoft one, however being served by the thesource.offallevil.com domain.
It turns out that someone played a prank on Microsoft and registered a CNAME that points directly to Microsoft’s domain. Somehow (I am too lazy to find out why), it manages to fool Google and have this domain ranked as the #1 search result. By the way, a link to Microsoft’s real URL is located somewhere at the bottom of the search results page.
This Google-phishing scheme is very interesting. By managing to be positioned as the first result in Google (especially, when searching for something as specific as “download powerpoint 2007 viewer” or your bank’s name) – unguarded users can easily be fooled into many dangerous activities: from entering their bank account details in a bogus site, to downloading Trojans disguised as legitimate software.
This is another interesting aspect of our the upcoming search engine of Semingo: it is taking an approach which is at large SEO-resistant and significantly reduce threats of phishing and scams as the one I described above.