Latest news with #Albano
Hamilton Spectator
2 days ago
- Hamilton Spectator
SEO poisoning scam tricked Ontario woman on fake CRA website — here's how to spot it
It looks like a regular Google search result, but this tricky scam has cost victims into giving up their personal information to fake websites. An Ontario woman thought she was lead to the Canada Revenue Agency website after a quick Google search. Instead, she ended up losing more than $26,000 after putting her personal banking information into a fake website. CTV reported on the case where the woman said she clicked on the first website that appeared at the top of the search engine page. It's a scam known as SEO poisoning. Here's what you need to know. SEO (search engine optimization) poisoning is a method used by hackers to manipulate search engine results to elevate the ranking of malicious or compromised websites, Kevin Albano, global head of X-Force Threat Intelligence for IBM, said in an interview with Metroland Media. The attack uses search engine optimization (SEO) techniques so that users who look up things on search engines like Google will see malicious or spoofed sites first, since SEO strategies push sites higher up in search results. 'The goal is to drive user traffic to these (compromised) sites, where users may be exposed to malware downloads, phishing pages, or scam content,' Albano said. Scam using the familiar 'I'm not a robot' verification tool targets sensitive information like The attack exploits users' trust in search engine rankings since those that appear high up in search results are seen as offering the best information. 'High search rankings add perceived legitimacy, especially when malicious sites mimic trusted portals or software vendors,' Albano explained. Scammers often use trending or high-traffic keywords, such as terms used in breaking news, popular software downloads, urgent updates or high-interest templates, and embed these keywords into malicious webpages that spoof legitimate ones. They may use tools like Google Trends to pick up trending keywords, which they add to their pages. Keywords are terms people type into search engines, and trending keywords are those that most people are typing into search engines at a particular time of day. Adding trending keywords into their spoofed pages improves the chances of these pages appearing in top search results, Albano said. 'In addition to keyword optimization, threat actors often build or acquire backlinks, including from compromised legitimate websites to boost the malicious site's SEO ranking,' he shared. Improving their malicious sites' search ranking puts their scam content higher up in search results and in front of more people, thus increasing their reach. They combine these techniques with malvertising, which involves hackers paying for ads so that their scam content will appear above legitimate results. Modern email platforms use advanced spam filters, protocols and AI-based phishing detection to block suspicious emails. 'In contrast, SEO poisoning targets search engines, bypassing traditional email and SMS defences entirely,' Albano said. He shared how hackers also use other deceptive techniques, including cloaking, which shows different versions of the website content to search engines and users. Cloaking cheats the SEO ranking by showing search engines like Google a version of the content (using malicious codes) that would make the webpage rank higher on search results; meanwhile, these codes are hidden from the version that the user sees, so they won't detect the hack. Most attackers also use geofencing or redirects to evade detection and spread malware or scams effectively, he said. SEO poisoning campaigns often infect the user's device with infostealers that pilfer sensitive information like passwords and banking details, among many others. Cybersecurity experts from IBM and Malwarebytes explain why infostealers — the malware behind 'AI enables automation of key tasks like keyword research, SEO-optimized content creation, and backlink generation, making it easier to scale operations and improve search visibility,' he shared. AI technology is reducing the time and effort typically required to push malicious sites higher in search results. 'While AI offers powerful tools for legitimate marketers, it also lowers the barrier for cybercriminals to abuse SEO techniques, leveraging them to distribute malware, phishing pages, or scams through poisoned search results.' Generative AI (GenAI) is also making it very difficult to spot a spoofed site. GenAI is now reportedly being used by hackers to create polished spoofed websites that are a perfect copy of legitimate sites, with flawless copy and exact replicas of brand logos. A University of Guelph cybersecurity expert says Canadians should expect smishing scams to Alabano advises people to watch for URLs with unusual words, and links pointing to unfamiliar or questionable domains. Also be wary of sites offering 'free' downloads or items that are typically paid for; 'these are often traps for malware of data theft,' he said. Additionally, the Canadian Centre for Cyber Security reminds people to inspect the URLs for misspelled words. An attack called typosquatting involves hackers acquiring common misspellings or slightly altered versions of legitimate website names like to trick users. The centre also reminds users to check if the web content is related to the search query and if the link extensions match the description. Error! Sorry, there was an error processing your request. There was a problem with the recaptcha. Please try again. You may unsubscribe at any time. By signing up, you agree to our terms of use and privacy policy . This site is protected by reCAPTCHA and the Google privacy policy and terms of service apply. Want more of the latest from us? Sign up for more at our newsletter page .
CBS News
21-07-2025
- Entertainment
- CBS News
Chicago family goes viral giving Pope Leo XIV "Da Pope" T-shirt at mass in Italy
A Chicago family on vacation in Italy had the encounter of a lifetime with Pope Leo XIV after mass on Sunday. Marcel and Ann Muñoz were decked out with their three kids in shirts reading, "Da Pope" — like, "Da Bears" from the old "Superfans" sketches on "Saturday Night Live." The shirts were what other color but Chicago Bears navy blue, with white text and orange lines. After mass Sunday at the Cathedral Basilica of St. Pancras in Albano outside Rome, the family was able to meet Pope Francis and give him an extra shirt as a gift. The viral moment even made it onto a post from Pope Leo XIV's official Instagram. The Muñoz family said they are Bears season ticketholders, and hope this was the blessing Chicago needs to kickstart a Super Bowl dynasty. "He turned left, and he just kind of beelined towards us, so whatever it is, it's like everyone else is, you know, very nicely dressed for a summer mass except us — so we did kind of stick out," said Marcel Muñoz, "but you know, it's one of those things where it's like: 'Hey, you're going to be here once. Hopefully, you can catch his attention.'" "How many people get this opportunity to be in front of the pope, to have his attention, to hold his hand? I kissed his ring, and you know, it's such — you feel blessed," said Ann Muñoz. The Muñoz family had to drive 45 minutes outside Rome to Albano where Pope Leo XIV was saying mass. They positioned themselves at a spot after services where they thought their big, bold shirt would get his attention — when it happened.
Boston Globe
19-03-2025
- Politics
- Boston Globe
New Yorker magazine contesting judge's order to turn over recordings of interviews with Lindsay Clancy's husband
The reporter, Eren Orbey, also interviewed the parents of both Clancys as well as experts on the issue of filicide, including one who is working for Clancy's defense. One person is identified only as a pastor, but most of the others are quoted by name. In February, Plymouth Superior Court Judge William F. Sullivan issued a subpoena for reporting materials related to the article at the request of Plymouth District Attorney Timothy J. Cruz's office. Advertisement Sullivan approved the subpoena without indicating whether he would review the material before providing it to prosecutors. In court documents, prosecutors said they needed access to the handwritten notes, emails, audio recordings, and voice messages between Orbey and people he interviewed for the story, including the person identified as the pastor. Prosecutors said the published article was crafted to generate sympathy for Lindsay Clancy and that journalists are legally required to comply with such court orders. The profile 'in both title and substance — is intended to portray the defendant in a sympathetic light and support her defense of a lack of criminal responsibility,' prosecutors said. The New Yorker, through First Amendment attorney Jonathan Albano, urged Sullivan to reconsider his order. (Albano also represents the Boston Globe). 'The New Yorker's sympathies are not on trial here,' he wrote. 'In fact, even a cursory reading of the piece shows The New Yorker's reporting is complex and nuanced, and is hardly 'in support' of the defense,' Albano wrote. Advertisement More significantly, 'the notion that the government could seek presumptively privileged, unpublished information from any news outlet that expresses sympathy for a criminal defendant is chilling and directly contrary to the First Amendment,' he added. Under both the US Constitution and the Massachusetts Declaration of Rights, the request by prosecutors is legally invalid and Sullivan should quash the subpoena, he wrote. Albano filed the magazine's response to the subpoena last week. No hearing is currently scheduled on the issue, according to court records. John R. Ellement can be reached at
