Google Faces Backlash for Directing Users to Malicious Websites Through AI-Driven SGE
In a concerning development, Google's latest AI-driven search results feature, the Search Generative Experience (SGE), has come under fire for promoting websites associated with malware, scams, and spam. The SGE, which provides AI-generated summaries and recommendations related to search queries, has been found to direct users to suspicious sites, raising alarms about online safety and the integrity of search results, per Bleeping Computer.
Google's AI-powered search results linked to malware and scams
The issue came to light in early March 2024 when SEO consultant Lily Ray flagged instances of Google's SGE recommending spammy and malicious websites within its search responses. These sites, often utilizing the .online top-level domain (TLD) and similar HTML templates, are suspected to be part of an SEO poisoning campaign aimed at infiltrating Google's index.
Upon clicking on these recommended sites, users are subjected to a series of redirects that ultimately lead to scam websites.
These scams range from fake captchas and deceptive YouTube pages to tech support affiliate scams and fake giveaways. Furthermore, some redirects may push unwanted browser extensions capable of search hijacking and other malicious activities.
The scams facilitated by the SGE results include fake Amazon giveaways and false promises of Apple iPhone giveaways, designed to lure users into providing personal information. Additionally, visitors may encounter misleading advertisements for products like McAfee antivirus, which are intended to trick users into purchasing unnecessary services.
What exacerbates the issue is Google's conversational tone in delivering search responses, which can inadvertently lend credibility to the recommended websites. Users may be more inclined to trust these sites, assuming they are endorsed by Google's AI algorithms. Including such low-quality and potentially harmful sites in Google's search results raises questions about the efficacy of the company's spam-fighting measures and the reliability of AI-generated content. While Google claims to continuously update its systems and algorithms to combat spam, spammers adapt their tactics to evade detection, creating a perpetual challenge.
How to stay safe from these scams
In response to the discovery, Google has taken action to remove the offending examples and states that it remains committed to safeguarding its search ecosystem. However, the prevalence of spam and malicious content underscores the importance of user vigilance and verification when accessing online information.
To mitigate the impact of browser notification spam associated with these scam sites, users are advised to unsubscribe from notifications through their browser settings. For Google Chrome users, this can be done by accessing the Notifications settings page and removing subscriptions from unwanted sites. To verify the legitimacy of a Google security alert, scrutinize the sender's email address and the content of the email. Genuine Google security alerts typically originate from no-reply@accounts.google.com. Be cautious if the sender's address differs, and avoid clicking on any links or downloading attachments.
Authentic Google security emails often include personalized details and are written clearly, without grammatical errors. The email may be a phishing attempt if it appears generic or poorly written. Remember, Google never requests sensitive information like passwords via email. Hover over links to confirm they lead to official Google domains. Instead of clicking embedded links, access your Google account directly through your web browser to ensure security. Visit the Google account security checkup page to review account activity and permissions.
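The sender and link checks described above can be automated for triage. The Python sketch below is an added example, not code from Google or from the original report; the trusted-domain list, the function names and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED_SENDER = "no-reply@accounts.google.com"  # address given in the article
TRUSTED_LINK_DOMAINS = ("google.com",)            # assumption: adjust to your policy

# Constructed sample messages (not real mail).
LEGIT = ('From: Google <no-reply@accounts.google.com>\n'
         'Content-Type: text/html; charset=utf-8\n\n'
         '<a href="https://myaccount.google.com/notifications">Check activity</a>')
SPOOF = ('From: "no-reply@accounts.google.com" <alert@mail-notice.example>\n'
         'Content-Type: text/html; charset=utf-8\n\n'
         '<a href="https://accounts.google.com.login-check.example/verify">'
         'https://accounts.google.com/</a>')

class HrefCollector(HTMLParser):
    """Collect href targets: where a link goes, not what its text claims."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def host_trusted(url):
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # Match the domain or a true subdomain, so google.com.evil.example fails.
    return parts.scheme == "https" and any(
        host == d or host.endswith("." + d) for d in TRUSTED_LINK_DOMAINS)

def check_alert(raw_message):
    """Return findings; an empty list means both checks passed.
    The From header can be forged, so passing is not proof of origin."""
    msg = message_from_string(raw_message)
    findings = []
    # parseaddr splits the display name from the real address, so a display
    # name that merely contains the Google address does not count.
    _, addr = parseaddr(msg.get("From", ""))
    if addr.lower() != EXPECTED_SENDER:
        findings.append(f"sender mismatch: {addr or '(none)'}")
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        collector = HrefCollector()
        collector.feed(part.get_payload(decode=True).decode(charset, "replace"))
        findings += [f"untrusted link: {u}" for u in collector.hrefs
                     if not host_trusted(u)]
    return findings
```
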
As AI technology continues to shape online search experiences, users must remain cautious and discerning when interacting with search results. While AI algorithms offer convenience and efficiency, they are not immune to exploitation by malicious actors. As such, a proactive approach to online safety, including verifying website credibility and staying informed about potential threats, is essential in navigating the digital landscape.