Most people think that their computers or mobile phones can only be hacked if they download a program or go onto a website that looks suspicious. However, the latest ring of cyber attacks point to a completely different method of infection.

Last May, The US Treasury Department fell victim to cyber criminals who hacked their website to spread malware. These kind of attacks are becoming more common as cyber criminals find better ways to exploit their malware. Trending offers this opportunity by allowing them to see just how frequently a certain topic is searched. By having this information, they can create websites that contain malware or hijack existing trending sites to steal information. Here are a few ways that trending topics lead to successful hacks. 

The Anatomy of a Social Media Attack

One change that has occurred over the digital age is something called “trending.” Trends has always been around, but they were much harder to spot. Industry analysts and experts would gather at conferences and crunch numbers to determine what was trending and to make accurate predictions of future trends. However, search engine analytics and SEO tactics made it much easier for them to spot these trends online. Soon, businesses began using these tactics to promote their products, brand loyalty and higher visibility in a search. What branched off from this practice was the ‘sharing culture.’

Since information was much easier to find, the average computer user could perform a search and find these trends within seconds. He or she could also share these findings in the form of a link on a social media platform. Business analysts began to see just how important social media sites were, so they began to use this method as a promotional tool. Unfortunately, opportunists saw this same method as a way to spread infections to a large amount of people in a relatively short time.

First, they begin with an internet search that reveals trends followed by their targeted demographic. They gather links to viral videos, trending games or topics and news briefs. The hacker then couples these links with sentences that encourage the viewer to open the link. Once the viewer clicks it, he or she is take to an unresponsive page that displays a pop-up. This popup tells the viewer they need to download or fix something in order to view the page’s elements. Once the person clicks ‘Continue’ ‘Next’ or any other variation, malware is downloaded to the computer instantly.

Due to the ‘sharing’ culture within social media platforms, these malware links are able to spread to thousands of people in under an hour. What makes this malware hard to avoid, is the fact that many of these messages are sent from people within the person’s own friends list.

Misleading WebSites - Search Engine Poisoning

Another way that hackers steal important data is through a method called Search Engine Poisoning. Search Engine Poisoning (also called SEO Poisoning) is a method by which hackers use the latest SEO tactics to rank up an infected website or to find trending websites to infect.

One SEO poisoning attack occurred in October of 2010, when hackers used popular Halloween keywords to lure people into clicking a website. The site displayed a pop-up that told the viewer their antivirus software was out of date or that their PC was infected. They were instructed to click on a pop-up that supposedly fixes the issue, but it infects their systems instead. According to Computer Weekly, this SEO Poisoning attack lead to the discovery of 10 new malware threats, of which 7 were Trojans.

Often times, these websites appear when someone searches for a popular trend in a web or image search. The content snippet or image that displays, leads them to believe that the the link is credible, so they click into it.
Some of these sites also pretend to sell items that may be related to the trend. Once the unsuspecting victim goes through the steps to check out, the hacker steals their payment information. Unfortunately, these attacks are harder to avoid since the hacker may “hijack” or even purchase multiple domains to orchestrate the attack.

All is Not Lost

Aside from simply avoiding sites that look fictitious to begin with, there is something you can do to further protect yourself – backing up your data. By performing regular data backups to a cloud-based server, your data is always accessible in any event. If you were to accidentally click one of these links and your computer was infected, you could retrieve your data from another computer within seconds. Some people already use these methods to protect their pictures, music and videos.
In addition to automatic data backups, you should always make sure your antivirus and antimalware programs are up-to-date – and turned on! You should schedule regular scans to make certain that your computer is always protected.

About the author: Anne Matthews is a technology enthusiast who enjoys writing about data security and recovery. She currently writes blogs and guest blogs for CBL Data Recovery.