Google Scam Targets Australian Cat Owners

Google Users Warned About Searching for This Specific Cat Breed in Australia

Cybersecurity experts are warning Google users to avoid searching for the phrase “Are Bengal cats legal in Australia” as it has become a conduit for phishing scams that could compromise personal data. Hackers are reportedly targeting users who search for this specific phrase, directing them to malicious websites that steal sensitive information. This is the latest example of “search engine poisoning,” a technique where cybercriminals manipulate search engine results to lure users into their traps.

How the Scam Works

When users type in “Are Bengal cats legal in Australia” on Google, they may encounter certain search results designed to look like legitimate resources. However, some of these results are “poisoned” — they are crafted by hackers who manipulate the SEO (Search Engine Optimization) of their malicious sites to appear higher in search results. Unsuspecting users who click on these malicious links are redirected to fraudulent sites that prompt them to enter sensitive details, potentially handing over valuable data to cybercriminals.

In this specific campaign, experts have identified a connection to the notorious Gootloader malware, which has been deployed in similar attacks globally. Once on these sites, users are encouraged either to download files under the pretense of accessing a “secure PDF” or to enter personal details to continue reading. Downloading any files or submitting personal information on these pages may result in direct exposure to malware, which can compromise financial accounts, personal information, and even work-related credentials.

The Role of Search Engine Poisoning in Hacking Attacks

This tactic, known as search engine poisoning, is not new but has become more sophisticated. Cybercriminals understand the types of searches that generate curiosity and use these trends to create traps for potential victims. By flooding search engines with links to malicious sites related to popular questions — such as the legality of Bengal cats in Australia — they increase their chances of luring curious individuals. This type of hacking has proven successful, as users often assume that high-ranking results are safe.

Once on a malicious page, users’ computers and networks are at risk. Hackers may plant malware capable of logging keystrokes, capturing screenshots, and even gaining administrative control over a device, putting both personal and professional data in jeopardy.

The Cost of Falling Victim to a Phishing Scam

For internet users, especially those in professional fields, this attack is a strong reminder of the importance of online vigilance. According to IBM, the average cost of a data breach in 2024 rose to a record $4.88 million, reflecting the increasingly high stakes of cybersecurity threats. Cybercrime tactics continue to evolve, exploiting even the most innocent of online behaviors.

SUPERAntiSpyware advises users to verify any unfamiliar link, avoid downloading unverified files, and use anti-phishing tools to stay secure online. For the most comprehensive defense, why not try our Professional X Edition?

Watch out for fake PayPal “unable to complete your recent transactions” phishing emails!

We here at SUPERAntiSpyware have noticed a fairly recent, clever email phishing campaign that claims to be from PayPal. In the email, the fake PayPal scam artists attempt to scare users into thinking that not only have their recent PayPal payments been declined, but there have also been unusual selling activities, and that they “will need some more information” about your recent sales, all in an attempt to steal your information.

Example of the phishing email

We here at SUPERAntiSpyware recommend you simply delete this email, and do not click any links within the email, especially the fake blue “Check Your Accounts” button. If you have been scammed by this email, immediately change your PayPal account password and consider looking into changing your spam settings to avoid future spam emails such as these. Remember, if you do not recognize the sender address, do not open the email. If you do open an email such as this, always hover your mouse pointer over the email's links to see where they’re trying to take you. Usually, a phishing email's links will point you to a website that has nothing to do with the company they’re posing as.

Watch out for fake Office 365 phishing emails!

that claims to be Microsoft attempting to inform users that their Office account email storage space is almost full and that, to prevent incoming/outgoing mail from getting bounced back, they should click the supplied link to add an additional 10 gigs of free and mandatory storage. This is of course an obvious scam to phish your password, as the link takes you to a fake Office 365 login screen.

Example of the spam. Beyond the obvious sketchy character of the email, hovering over the links within the email with your mouse pointer clearly shows it takes you to a different website and not a Microsoft website.

We here at SUPERAntiSpyware recommend you simply delete this email, and do not click any links within the email. If you have been scammed by this email, immediately change your Office 365 account password and consider looking into changing your spam settings to avoid future spam emails such as these. Remember, if you do not recognize the sender address, do not open the email. If you do open an email, always hover your mouse pointer over the email's links to see where they’re trying to take you.

Watch out for fake “Microsoft account Verify your email address” spam!

We at SUPERAntiSpyware have noticed an uptick in spam that claims to be associated with verifying your email address to set up a Microsoft Account.

Fake Microsoft account verification email

We recommend you immediately delete this email. Do not click the “Verify Your email address” button; it will redirect you to a known phishing site that tries to steal your account information. You can tell the button is fake by simply hovering your mouse over it and taking a look at the URL, which is clearly not Microsoft-related.

Clicking this button does not verify your account; it brings you to a phishing website that will lure you into giving up your account information!

If you have been scammed by this email, immediately change your Microsoft account password and consider looking into changing your spam settings to avoid future spam emails such as these. Remember, if you do not recognize the sender address, do not open the email!

Typosquatting: Another front of malware attacks

Typosquatting is a type of internet scam that relies on end users making mistakes, such as spelling errors or entering the wrong domain name when entering a website's URL. It is also commonly known as URL Hijacking. There are many motivations for a hijacker to take the Typosquatting approach to deceiving unsuspecting victims:

1) To redirect web traffic to their own or a competitor’s product.

2) Installing malware to infect the user’s machine, typically with ad-hosting pieces of malware.

3) Freeze the web browser for a fake Tech Support scam, scaring the user into calling a fake tech support number claiming the user has a virus infection. These scams potentially cost the users hundreds of dollars.

4) To steal user information by running a phishing scheme to mimic a legitimate website.

5) Making revenue from the user clicking on advertisements (either in plain sight or disguised as legitimate search links) on the Typosquat website.

6) To blackmail or strong-arm payment from the company they’re Typosquatting in order to force a purchase of the website from the Typosquatter.

A scammer who runs a Typosquat scam typically registers a website address with spelling close to the legitimate website's address. This is typically something simple like omitting a letter, adding a letter, or using a different Top Level Domain. For example, if a user wants to go to our website, they may end up typing superaantispyware[dot]com with double a’s. This will end up showing the user a Typosquatting website such as this:

Another type of Typosquat scam relies on the person improperly typing out the full URL, typing something like google[dot]om rather than google[dot]com. In this instance, the person typing the .om domain would actually be viewing a page hosted on Oman’s Top Level Domain, rather than the basic .com domain. In some instances, large corporations will buy up as many associated domains as they can in order to prevent this type of mistake (Google, for example, has variants of their site containing multiple o’s and different Top Level Domains); however, not all companies have the foresight and/or money to do this.
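The variations described above (an omitted letter, an added letter, a different or mistyped Top Level Domain) can be checked mechanically, for example when reviewing proxy logs or newly registered domains against the names you want to protect. This is an added example, not SUPERAntiSpyware code; the function names are hypothetical and it assumes bare `name.tld` domains with no subdomain.

```python
# Domains named on this page, used here as the protected list.
PROTECTED = ["superantispyware.com", "google.com"]

def split_domain(domain):
    """Split 'name.tld' into (name, tld); assumes a single-label TLD."""
    name, _, tld = domain.lower().strip(".").rpartition(".")
    return name, tld

def one_edit(short, long):
    """True if `long` equals `short` with exactly one character inserted."""
    if len(long) != len(short) + 1:
        return False
    return any(long[:i] + long[i + 1:] == short for i in range(len(long)))

def classify(candidate, legit):
    """Return the typosquat class of `candidate` relative to `legit`, or None."""
    c_name, c_tld = split_domain(candidate)
    l_name, l_tld = split_domain(legit)
    if (c_name, c_tld) == (l_name, l_tld):
        return None  # exact match: the real site
    if c_name == l_name:
        # Same name, other TLD. A TLD one letter short (.om for .com) is a typo.
        if one_edit(c_tld, l_tld):
            return "TLD typo (letter omitted)"
        return "different TLD"
    if c_tld == l_tld:
        if one_edit(l_name, c_name):
            return "added letter"
        if one_edit(c_name, l_name):
            return "omitted letter"
    return None

def check(candidate, protected=PROTECTED):
    """Return (legit_domain, class) for the first protected domain matched."""
    for legit in protected:
        kind = classify(candidate, legit)
        if kind:
            return legit, kind
    return None

if __name__ == "__main__":
    for domain in ["superaantispyware.com", "google.om", "gooogle.com"]:
        print(domain, "->", check(domain))
```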

It is easy to avoid falling prey to a Typosquatting scam. Here are a few easy things you can do to prevent this.

1) Never open links in emails from unexpected senders, and exercise caution when visiting sites you’re not familiar with.

2) Bookmark your favorite websites so you can easily access them.

3) Use a search engine like Google, Bing, or Yahoo when looking for a specific website if you are unsure about the spelling or if the business’ website is the same as their name. Some car dealerships, for example, use dealer names or slogans as their website.

4) Double check the URL you are typing before loading the page.

5) Make sure Real-Time Protection is turned on in SUPERAntiSpyware Professional.

6) If you are starting a web-based business, consider buying multiple domains that are similar to your primary site to preemptively stop Typosquatters. Most domain registrars will offer bulk rates when you purchase more than one domain at a time.

While this type of attack is somewhat uncommon by today’s standards, it still happens every once in a while. By practicing safe browsing habits, keeping your web browsers up-to-date, and running regular scans of your machine, you should not be impacted by most of these types of attacks.