In May, Google announced a round of core updates to its search engine ranking system in a bid to adapt to the rapidly changing environment.
The company says that the primary reason for making core updates is “to improve the overall relevancy of search results”. Well, there’s still work to be done, I guess.
The short version of the story:
A website that Google finds authoritative enough to feature its pages at the top of Google News results got hacked and is being used as a “tunnel” for a Chinese speaking hacker/s.
With over thousands of searches on Google for “how to make money off NFTs” related queries every month, innocent users are being lured and redirected to another domain, where eventually they end up being scammed on WhatsApp or Telegram.
Let’s start from scratch.
Meet Asia Insurance Review
Asia Insurance Review is a Singaporean financial service provider launched in 1991 to address the information needs of the insurance sector.
One morning we came across those results when searching for the term: “NFT” on the Google News tab:
What you’re seeing is the “hidden play”.
You see, there’s the main Asia Insurance Review website, which looks perfectly normal on a first impression. But behind the scenes, someone planted a subfolder called /app/ which takes you to a completely fraudulent-looking landing page.
In that subfolder, the hacker published dozens of HTML pages and optimized them for the queries you’re seeing in the above screenshot.
- “Do you make real money on NFT”
- “Can anyone make money from NFT”
- “Can I make money selling NFT” , etc.
So you’re probably wondering – what the heck? Why?
According to Ahrefs.com, the “how to make money off NFTs” monthly search volume cake is not that small:
What you’re looking at is someone who clearly did some SEO research in advance, managed to hack that website, lined up a bunch of HTML pages that rank on Google and lure users who want to learn how to make money off NFTs into traps. Walla.
Once the users visit the HTML pages, they get redirected to another domain, wager07.xyz, which contains another fraudulent-looking landing page:
Now usually at this point any normal person would stop, obviously nobody wants to click buttons on a scammy looking site and potentially catch malware. But the story had to continue.
So we reached out to a friend who works in a cybersecurity company to find out where this landing page takes him.
We got to this phone number:
A Chinese “Hey there, I’m using WhatsApp” text with a UK country code. Classic.
My goal was to talk to the person, pretend that I’m desperate for extra cash, and try to get a crypto wallet address or something that later on we could look into, perhaps, find if any transaction was made to this wallet, and in general – to see how many people fell for this scheme.
Here’s what I was told:
We waited and waited, followed up to understand what’s next. Nothing happened. It could be that the other side realized what we were after.
Lesson to learn from this story – if there’s a doubt, there’s no doubt. Do your own due diligence.