For crores of Indians, the word "government" is synonymous with trust. However, this trust is under attack from cybercriminals who are constantly seeking new tactics to entrap more people – particularly the unemployed – into scams, as the government intensifies its push against digital crimes and awareness rises.
Around a dozen government websites have been found "poisoned" with malicious links promoting scams, often themed around betting, investment, and cryptocurrency.
In what appears to be a well-organised criminal enterprise, poorly secured government websites are injected with keywords and phrases related to popular online search topics, such as growing a YouTube channel, finding work-from-home jobs, affiliate product reviewing, self-improvement, digital marketing, blockchain, cloud computing, and ways to generate passive income.
When a person searches for these subjects on Google, tainted pages from government sites appear among the top search results. Since these pages belong to government domains, users are more likely to trust them and click on them, only to end up in scams, resulting in financial losses.
Websites belonging to state governments, municipal corporations, research and educational institutes, and electoral officials are among the victims.
The Online Building Permission System of the Assam government, Maharashtra’s Chief Electoral Officer, the Indian Council of Agricultural Research, Uttar Pradesh National Health Mission, Nagpur Municipal Corporation, the Centre for Excellence in Postal Technology of India Post, and Maharashtra’s Registrar of Firms are among the notable victims of SEO (Search Engine Optimisation) poisoning.
This tactic addresses a fundamental problem faced by scammers: reaching a larger audience online. This is often a significant challenge because search engines use algorithms that rank sites in search results based on their authority. These algorithms aim to reduce the likelihood of users encountering illegitimate sites. As government websites enjoy very high authority scores, the poisoned pages rank high on the search results page.
However, these pages take users through a maze of sites leading to scams and fraudulent investments.
For example, a search for "how to increase likes on YouTube" yields several results. Among them is a link to Delhi University, which is categorised as “safe” by McAfee WebAdvisor, but it leads to a dubious investment website with all the hallmarks of a scam.
India Today found posts on some forums selling SEO poisoning as a service. On BreachForums, one such post advertised delivering high-quality links with Domain Authority (DA) scores reaching up to 98, sourced from "high-authority sites", with a promise to comply with Google’s standards.
Cybercriminals exploit weak site structures, poor security, and other technical vulnerabilities to insert illicit content and links into many government websites. Some of the prominent manipulation techniques include stuffing keywords and phrases into open directories and cloaking – a technique that shows one version of a webpage to search engines and a completely different version to users.
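The cloaking described above can be checked from the site owner's side by comparing the response a page gives a search-engine crawler with the one it gives an ordinary browser. The sketch below is an added example, not part of the original report: the host names, the sample HTML and the term watchlist are constructed, and it assumes the two responses have already been captured.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed watchlist based on the scam themes the article names.
SCAM_TERMS = ("betting", "investment", "crypto", "passive income", "work from home")

class PageView(HTMLParser):
    """Collects visible text and link hosts from one HTML response."""
    def __init__(self):
        super().__init__()
        self.text, self.hosts, self._skip = [], set(), 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        if tag == "a":
            host = urlparse(dict(attrs).get("href") or "").hostname
            if host:
                self.hosts.add(host.lower())
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.text.append(data.lower())

def view(html):
    parser = PageView()
    parser.feed(html)
    parser.close()
    return " ".join(" ".join(parser.text).split()), parser.hosts

def cloaking_report(site_host, crawler_html, browser_html):
    """List off-site hosts and scam terms that only the crawler's copy contains."""
    c_text, c_hosts = view(crawler_html)
    b_text, b_hosts = view(browser_html)
    def external(h):
        return h != site_host and not h.endswith("." + site_host)
    return {
        "crawler_only_hosts": sorted(h for h in c_hosts - b_hosts if external(h)),
        "crawler_only_terms": [t for t in SCAM_TERMS if t in c_text and t not in b_text],
    }

# Constructed sample responses for a hypothetical site, civic.example.
CRAWLER = """<html><body><h1>Building permits</h1>
<p>Best work from home jobs and crypto investment tips</p>
<a href="https://payouts.example.net/join">earn passive income</a>
<a href="https://civic.example/forms">Forms</a></body></html>"""
BROWSER = """<html><body><h1>Building permits</h1>
<a href="https://civic.example/forms">Forms</a></body></html>"""

if __name__ == "__main__":
    print(cloaking_report("civic.example", CRAWLER, BROWSER))
```

A non-empty report means the page serves crawlers content that visitors never see, which is the signature of the cloaking described above and a reason to inspect the server for injected files or rewrite rules.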
In a recent report, British cybersecurity firm Sophos revealed that the notorious ransomware group "REvil" also uses SEO manipulation techniques to spread malware. In one such case, attackers used the phrase "Are Bengal Cats legal in Australia?" to deliver malware.