Scammers Hijack Google Search AI Results

Recently, Google has started baking artificial intelligence (AI) into its standard search results. However, the new AI-powered responses have been criticized for giving credibility to scams, including leading users to malicious sites where their systems could be compromised by ransomware and similar.

Although the baked-in artificial intelligence results have already been available for people who have intentionally asked to try it, what's important to note is that Google is now rolling it out for some ordinary users when they carry out a search.

The idea of the new tool is to better handle searches where users simply want an answer to a question, rather than necessarily wanting to visit a website. The theory is that the AI will scan through the websites which would normally rank highly, summarize the information on the sites, and try to generate a response to the question. (Source: googleusercontent.com)

Scam Sites Promoted

As well as giving the potential answer, the tool will list some of the sites which users could visit for more details or to achieve a particular goal. This all appears before the normal list of search results.

Critics say that's a particular problem as referring to sites as part of the generated answer could lead users to believe Google is vouching for their credibility and trustworthy, more so than simply listing them in search results.

That's bad news if, as happened in one case spotted by search engine optimization consultant Lily Ray, the sites Google refers to are part of a scam. Ray highlighted a search for puppies for sale that led to a suggestion of multiple sites which are created specifically to look like legitimate sites, both to users and Google's algorithms. (Source: bleepingcomputer.com)

Bogus Browser Notifications

However, clicking on the link redirects the users multiple times until they end up at a malicious site. They use tactics such as a fake CAPTCHA challenge or a supposed YouTube video to trick the user into allowing the site to show notifications in Chrome even when the user isn't on the site.

They then get barraged with "notifications" that are actually either advertisements or fake security alerts. The goals vary but include getting people to install legitimate software to earn the scammers commission, hijacking the browser, or collecting personal information.

Google says it continues to evolve its system to stop scam sites ranking highly and notes the problem is mainly happening with less common queries. However, the big concern right now is that these scam sites are not only appearing high up in the rankings, but are also getting a boost of credibility in the new way Google is presenting them.

What's Your Opinion?

Have you noticed the Search Generative Experience appearing in your Google results? Is using AI to answer questions a smart addition to search results pages? Should Google pause the trial until it can be more certain the sites it "recommends" are legitimate?