Election 2020

Hackers Launch 'Poison Campaigns' Targeting Search Engines Ahead of Midterms

Google (AP Photo/Marcio Jose Sanchez, File)

You can never be too careful when clicking on links while on the Internet, and now scammers are trying to get you to click on what appear to be 2018 midterm election-related links.

Bleepingcomputer.com has reported on what they call an “SEO poisoning campaign” to encourage people to click on keywords associated with the midterm elections, terms such as “midterm 2018 election predictions” or “midterm election 2018 polls.” But when they click on the links, they’re redirected to sites that have nothing to do with the election. Instead, these sites are scams, adult sites, and pop-up windows that try to get you to download software onto your computer.

Bleepingcomputer.com explains:

SEO poisoning is when attackers create malicious sites or hack legitimate ones in order to generate pages that promote certain keywords. These pages are then linked together between a large amount of sites under the attacker’s control to get high rankings in search engine results for the promoted keywords. As an example, you may search 2018 polling results, and find one of these illegitimate sites appear near the top of a Google search, but if you click on it, you will be taken to a rogue site.

SEO stands for search engine optimization, which causes sites to appear at the top of the Google search page. There are different ways to promote these illegitimate sites that include adding keywords and the use of hidden text.

The visitors to these sites are then typically shown scam advertisements or are redirected to other sites pushing unwanted software or infecting users via exploit kits.

The popup windows or pages you’re directed to often include official-looking messages asking you to upgrade your Java software, your PDF reader, or other utilities you might normally use. Often they will claim it’s to protect your computer or it’s a security upgrade. But instead of receiving legitimate updates from the software companies, you could be installing software that’s spyware or software that will infect your computer with a virus.

The attackers have hacked more than 10,000 websites that use WordPress software as part of their scam and use these sites to entice you to click  It’s not always obvious when you look at the link, because the site may look legitimate.

As we are heading into the U.S. midterm elections, the attackers are leveraging U.S. political keywords in order to entice users to visit these sites. Other phrases include “latest midterm polls,” “new polling information,” and many variants along the same line.

Bleepingcomputer.com explains:

You can spot these dangerous pages by examining the URL link.  This structure is [domain]/[random-folder]/[random].php?[random_variable]=[keyword].

For example, http://[domain].com/odn6zog/yrzhwam.php?kfmeupjmp=rmidterm-elections-2018-polls.

Instead of being directed to midterm election 2018 polling results, you’ll be sent to a variety of redirects to reach one of the dangerous pages. Long, complicate links such as the one above are a warning sign.

The best advice is to avoid clicking on links that are not associated with legitimate news and political organizations or sites with names you recognize. When pop-up windows or new sites appear asking you to upgrade your software, such as the Java example above, don’t do it. You can always go to the home website for that product and check to see if you have their latest update.  In fact, when you’re confronted with any random or unexpected message asking you to fill out a poll or answer some questions, ignore it. More times than not they are scams or advertisements trying to get your personal information or sell you something.

The Internet is becoming a dangerous place to hang out and it takes some common sense and skepticism to avoid being tricked. You can never be too careful.