The NJCCIC recently received an incident report regarding search engine optimization (SEO) poisoning. An individual searched for Facebook’s Help Center using a popular search engine and found a fictitious 1-888 phone number for Facebook Support as one of the top results. After calling this number, the scammer identified themselves as an employee of Facebook and informed the victim that their account had been hacked and used to make unauthorized purchases. The scammer instructed the victim to grant remote access to the device and then requested that they log into Venmo and other accounts.

In SEO poisoning, threat actors strategically create malicious websites and use keyword stuffing to insert irrelevant keywords into a webpage’s text, meta tags, and other website areas. This technique deceives search engine algorithms to increase the website’s visibility and rankings, causing these websites to display at the top of search engine result pages (SERPs). For more information, please review the NJCCIC advisory, Increase in SEO Poisoning and Malvertising.