Google’s recent rollout of the Search Generative Experience (SGE) feature in its search results aimed to enhance user experience by providing AI-generated summaries and recommendations for related sites. However, concerns have arisen as the SGE algorithms have been found recommending spammy and malicious sites, leading unsuspecting users to fall victim to scams.
SEO consultant Lily Ray flagged this issue, noting that the recommended sites within SGE responses often lead to malicious destinations. Investigation by BleepingComputer revealed that these sites frequently employ .online top-level domains and similar HTML templates, suggesting they are part of a coordinated SEO poisoning campaign.
Clicking on these recommended sites initiates a series of redirects, ultimately leading users to scam sites. Common redirection paths include fake captchas or YouTube pages prompting visitors to subscribe to browser notifications. These notifications, once accepted, inundate users with unwanted ads, including tech support scams, fake giveaways, and browser hijackers.
Some redirects even push unwanted browser extensions that hijack searches or engage in other malicious activities. Among the scams promoted by SGE results are fake Amazon giveaways promising Apple products, aimed at harvesting users’ personal information for resale to other scammers.
What exacerbates the situation is Google’s AI responding in a conversational tone, lending credibility to the recommended sites. This can deceive users into trusting malicious sites they would otherwise avoid. Despite Google’s efforts to combat spam through continuous updates to its algorithms, spammers persistently adapt their techniques to evade detection.
Google has taken action to remove the identified examples and asserts its commitment to safeguarding SGE against spam. However, given the evolving nature of spam tactics, users must exercise caution and verify sites before visiting them. Additionally, learning how to unsubscribe from browser notifications is crucial for mitigating the impact of spam sites.
For Google Chrome users, unsubscribing from browser notifications involves accessing the notification settings and removing subscriptions from unwanted sites. By proactively managing notification permissions, users can minimize exposure to spam and protect their browsing experience.
In Google Chrome, follow these steps:
- Open Chrome > Settings > Content > Notifications.
- Under “Allowed to send notifications”, you will see a list of sites whose browser notifications you have subscribed to. For each one, click the three dots next to the URL and select Remove to revoke the subscription.
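The same review can be scripted when many profiles need checking. The following is an added example, not part of the original article: it lists every origin allowed to send notifications and flags those on the .online TLD the article mentions. It assumes Chrome stores these grants in the profile's `Preferences` JSON file under `profile.content_settings.exceptions.notifications` with `setting` 1 meaning allow; the sample data and hostnames are constructed.

```python
import json
from urllib.parse import urlsplit

# Assumption: Chrome keeps per-site notification decisions in the profile's
# "Preferences" JSON file under this key path, with setting 1 = allow, 2 = block.
NOTIF_PATH = ("profile", "content_settings", "exceptions", "notifications")
ALLOW = 1
# TLD the article reports the campaign sites frequently use.
WATCH_TLDS = {"online"}

# Constructed sample of the relevant slice of a Preferences file.
SAMPLE_PREFS = json.dumps({
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://mail.example.com:443,*": {"setting": 1},
        "https://free-prizes.example.online:443,*": {"setting": 1},
        "https://news.example.org:443,*": {"setting": 2},
        "[*.]cdn.example.online,*": {"setting": 1},
    }}}}
})


def host_of(pattern):
    """Extract the hostname from a content-settings key like 'https://h:443,*'."""
    primary = pattern.split(",", 1)[0].replace("[*.]", "")
    if "://" not in primary:
        primary = "https://" + primary
    return (urlsplit(primary).hostname or "").lower()


def audit_notifications(prefs_text):
    """Return sorted [(host, flagged)] for origins allowed to send notifications."""
    node = json.loads(prefs_text)
    for key in NOTIF_PATH:
        node = node.get(key, {}) if isinstance(node, dict) else {}
    results = []
    for pattern, entry in node.items():
        if not isinstance(entry, dict) or entry.get("setting") != ALLOW:
            continue  # skip blocked or malformed entries
        host = host_of(pattern)
        flagged = host.rsplit(".", 1)[-1] in WATCH_TLDS
        results.append((host, flagged))
    return sorted(results)


if __name__ == "__main__":
    for host, flagged in audit_notifications(SAMPLE_PREFS):
        print(f"{'REVIEW' if flagged else 'ok    '}  {host}")
```

Run it against a copy of the `Preferences` file rather than the live one, and treat a flagged host as a prompt for manual review, not as proof that the site is malicious.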
As AI increasingly shapes online search experiences, it’s imperative for both users and platforms like Google to remain vigilant against emerging threats and prioritize user safety and trust.