In an experiment done by Security Researcher Jim Stickley shows how search engines can be used to funnels shady schemes.

Under the experiment, Stickley with the permission of Credit Union of Southern California created a phishing site and manage to rank No. 2 on Yahoo and No. 1 spot on Microsoft’s Bing. Google, which handles over 60 percent of search request in the US did not, falls for the scheme. Stickley’s phony site got the best ranked on the sixth page in Google’s search result and was out of sight for most people.

Google places warning alongside sites that is suspect to be malicious. But even Google acknowledges it isn't foolproof. Some scam sites do got its way into Google’s search results, although the number is very low.

A Yahoo spokeswoman didn't respond to requests for comment. Microsoft said in a statement that Stickley's experiment showed that search results can be cluttered with junk, but the company insists Bing "is equipped to address" the problem. Stickley's link no longer appears in Bing.

In fact, Google is suing a company offering, “work at home” programs through web sites that look legitimate and claimed to be affiliate of Google.

Stickley's site wasn't malicious, but easily could have been. In the year and a half it was up, 10,568 visitors were automatically redirected to the real credit union, and likely never knew they had passed through a fraudulent site.

For full details of the report you may logon to AP news, 8 Dec 2009, Tue,


Masaru comment:

In fact phishing site or fake site is nothing new, perhaps this is the first time main media has made coverage on this security issue. Often victims are those whom are not security cautious.

There is a big different between knowing how to make the Internet and Internet security for end users. Knowing where to click and browsing the Internet doesn't make you safe online.

Search engine's job is to present information it find on the web.  User must apply their own judgement when dealing with information presented from search results.

0 comments