Is Search Traffic Going Down? Maybe Its a Malware or Phishing Attack

Why is your search traffic slumping? Do webmasters really need to worry about it?

Well, if a website has fallen prey for phishing or malware attack then it would definitely impact the website’s traffic growth and unfortunately many webmasters are unaware of this kind of attack and end up losing potential customers who get retracted due to such warnings.

Let’s look at this example, when www.adtoad.com was searched in Google, a warning is displayed beneath the title in Search Engine Result Pages (SERP) that says “The site may harm your computer” which makes sense to the user that it is perilous.

Google warning displayed on identifying malwares

When the user still tries to click that link, for further prevention and user protection, again a warning is displayed to return from this page. Their other option is, they can visit Google’s Safe Browsing diagnostic page for knowing the detail information, why it is a threat to the user, and what exactly happened when Google visited the website.

Google warning on malware attack

Google will intimate the website owner via webmaster tools whenever they detect the infected websites or pages, and in Search Engine Result Pages (SERP) two levels of warnings are displayed to the searcher with a link attached to it.

  1. The site may be compromised.
  2. The site may harm your computer.

The first warning is shown when the site has been hacked and complete control is taken by some third party without any owner’s permission. Anyone can contact the webmaster and help them to resolve this issue

The second warning is shown when there is a possibility of malware software to install on your computer system which is likely to damage your data or gain control over it.

Is Your Website Malware Infected or is it a Phishing Attack?

If the website is infected with a malware then it’s a huge loss to both customer and company. Search Engines flag the malware-infected websites as harmful and place them in black list, so that it can avoid users to visit that site and prevent their computer from being infected. Further, the site may be dysfunctional for more than three weeks which leads to loss of revenue to the company.

Is site malware infected or its a phishing attack

From the above example, it is clearly stated that the www.financereports.co website contains malware and it can harm your computer in any form. The above warning is so daunting, user deliberately tries to go back leading to loss of reputation to the website.

When a website has fallen for phishing scam then it simply means a bogus website is created by an attacker, resembling the original website. Sadly many website owners don’t become aware of it until webmaster tool or external entity alerts them, but often by that time it’s too late and chances are many user’s might have got duped.

phishing attack on website

This example is an answer to it. For user protection, browser tries to warn that they have found this website suspicious. Here, though only a part of the page is falsified, Chrome reports to the user that the searched link is a complete phishing website and warns him to Go Back for their safety. Moreover, it is also de-listed in the search database and warns the webmaster to take a review of it. But till then the authentic websites are losing their reputation and traffic to their website due to phishing websites, and customers are less likely to do business with them.

How Do They Actually Hack Websites?

According to netcraft interpretation, majority of the victims of phishing attacks are WordPress users. One such example is, an obscure WordPress add-on script which is used by attacker to rewrite the script and exploit websites. So basically we wonder, what kind of script is so vulnerable to compromise more than 1.2 million websites? Well, it is a timthumb.php script and its basic purpose is to re-size photos on the web, that is used by many third-party WordPress plug-ins, enabling hackers to rewrite the code and link to it as long as their limit is granted.

For instance,

  • If you’re a WordPress user and you installed a third party plug-in, which uses timthumb.php utility.
  • This utility includes a check that passes content from few hard-coded list of sites such as flickr.
  • This check ensures if the listed domain name is mentioned in the URL, e.g. if flickr exists within the URL path, then it allows through, which means attacker can create a domain like flickr.hackers.com, and pass with ease.
  • Once it gets through, attackers can easily insert php files e.g. “phpshell.php” into the web servers and execute their written php to gain control (can inject htmls, modify database etc).

How Do They Benefit From Such Attacks?

You might have witnessed the huge phishing attacks taking place these days. There are innumerable cloned websites which claim to be legitimate but unfortunately they’re not. Rather, their main purpose is to trick people and gain sensitive personal information from the user by spreading those injected html files virally.

For spreading, they use various communication means like posting in comment section of any other blogs or by sending e-mails rigorously to the users or any social streams, insisting user to click that URL link. When clicked, these attackers can take complete advantage over it.

So, it might make you think whether you were attacked by this kind of phishing scam. Well, if you came across any bogus e-mail which asks for your personal information like credit card details, username and password or any social security numbers or providing you a link within it to click then surely you were also the victims of this phishing scam.

Phishing attack scam email

Recently one of the mail (ref above image) which dropped into my inbox, requested to contact the financial institution on the pretext that my direct deposit payment was declined due to outdated software. Surprisingly, this mail was completely unrelated to any of my deposits or payments. The suspicious warning on top gives an indication that it is a fraudulent message used on others too for stealing personal information.

fraudalent email details

On digging further, it gave me complete proof that it is nothing but a phishing scam, which was trying to steal information. Here, this scam used an authorized electronic payment association name i.e. www.nacha.org to deceive, so that it can gain complete control over the user to make a payment. Fortunately, Nacha.org has already alerted the users to be aware of such fake e-mail scams.

Paypal phishing site

From the above example, user might think he is visiting PayPal website and foolishly provides his username and password to enter into his account but unfortunately in background this details are received by the scammer. This so look-a-like homepage of www.paypal.com is not an authentic PayPal website. As you can see, the URL is completely inappropriate and fake. It is nothing but a phishing website which simply deceives and entices the user to provide their credential data for their benefits. Refer some more examples on phishing websites.

How To Safeguard And Eliminate The Risk

Precautions to Website Owners:

  1. The foremost thing website owners must do is to subscribe to the Google and Bing webmaster tool, which regularly crawl and update the site owner whenever they find suspicious malware/url/content in their site. Webmaster tools also sends email to admin@yourdomain…. webmaster@yourdomain..
  2. Whenever Google marks any URL as infected, it updates their safe browsing API.
  3. Our SEO software SearchEnabler is also good at finding malwares. SearchEnabler uses Google’s safe browsing API to regularly update the malware signatures and notify the user when it encounters malwares in their sites.
  4. SearchEnabler malware scanning and alerts

    Edit: We have created interactive guide using Whatfix, to provide step by step instructions inside SearchEnabler app.


    whatfix flow to check malware in a website.

  5. It is strongly recommended to set a solid password for web server files and regularly backup the server configuration file, in case it is needed in worst scenario.
  6. Always check for vulnerability and try to patch it at the earliest. For instance, TimThumb Vulnerability can be fixed by either downloading a plugin or modifying php
  7. Ensure your hosting company is up to date with all the security support.
  8. Regularly monitor your site, try sanity check by searching site:example.com in Google, if you come across any unknown pages indexed from your domain, immediate scan your site and cleanup.
  9. If you are notified that your site has been compromised then immediately try to clean your site.
  10. Phishing websites can be reported to sources like MillersMiles, PhishTank which helps to fight against scams.

For further information about malware, preventive measures and complete statistics of infected websites, visit StopBadware.org

Malware is really a severe problem not only to the visitors but also to the site owners, especially if you’re losing your reputation and online business in search. Unfortunately, many website owners are either unaware of it or they’re least interested to take care of it. Moreover, phishing website attacks are aggressively increasing year over year and suppressing huge losses to many industrial sectors. Take careful precautions and protect your website before it’s too late.


free searchenabler trial version

Try SearchEnabler SEO platform.
No credit card required. Quick setup.

Like The Article? Share With Your Friends !

  
 Vote on HN

Get blog posts via Email!

Only blog feed, No spam.

Connect With Us !

Add New Comment

Add Comment:

You must be logged in to post a comment.