SEO Poisoning (or Search Engine Optimization Poisoning) is a type of social engineering attack that targets an unsuspecting user, or maybe someone who is in a hurry and not paying close attention. It is typically used by bad guys to fool users into clicking their links and going to the wrong website, or worse, a site that infects their machine or phone.
So what is it? What exactly is SEO Poisoning?
Let’s start with this domain: 1bluebass.com
A malicious actor might buy this domain: lbluebass.com
Notice how the bad guy just replaced the ‘1’ with the letter ‘l’. At a quick glance, or if you were in a hurry, you would not notice the difference. For non-corporate users, I notice SEO Poisoning in personal emails, usually as a support-scam type of event. Think of app1e.com as a potential fake support domain.
The best defense against this is to always double-check any link before you click on it. Think about the context of the link or email in front of you. If your bank sends an email about your account and it mentions a ticket or case number, it is better to just call the bank and ask about that case number, and not click the link.
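The double-check described above can be partly automated. This is an added example, not code from the original post: it flags link hosts that differ from a trusted domain only by look-alike characters such as ‘1’ for ‘l’. The trusted list, the character table and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the two legitimate domains used as examples in the text.
TRUSTED = {"1bluebass.com", "apple.com"}

# Look-alike character swaps (a small constructed table, not exhaustive).
SINGLE = {"1": "l", "0": "o"}
MULTI = {"rn": "m", "vv": "w"}


def skeleton(domain):
    """Collapse visually similar characters so look-alikes compare equal."""
    d = domain.lower().rstrip(".")
    for seq, repl in MULTI.items():
        d = d.replace(seq, repl)
    return "".join(SINGLE.get(ch, ch) for ch in d)


def check_link(url, trusted=TRUSTED):
    """Return (verdict, trusted_domain_or_None) for the host in a URL."""
    host = urlsplit(url).hostname
    if not host:
        return ("invalid", None)
    labels = host.rstrip(".").split(".")
    # Non-ASCII or punycode labels can hide homoglyphs this table does not cover.
    if any(lab.startswith("xn--") or not lab.isascii() for lab in labels):
        return ("review-idn", None)
    skeletons = {skeleton(t): t for t in trusted}
    # Try every parent domain so subdomains of a look-alike are caught as well.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in trusted:
            return ("trusted", candidate)
        match = skeletons.get(skeleton(candidate))
        if match:
            return ("lookalike", match)
    return ("unknown", None)


if __name__ == "__main__":
    for link in ("http://lbluebass.com/login", "https://support.app1e.com/case/123",
                 "https://www.1bluebass.com/", "https://apple.com.evil.example/"):
        print(link, "->", check_link(link))
```

An "unknown" verdict only means the host is not on the trusted list and does not resemble it; it is not a statement that the link is safe.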
Stay safe online!