Google's new AI search results promotes sites pushing malware, scams
Google's new AI-powered 'Search Generative Experience' algorithms recommend scam sites that redirect visitors to unwanted Chrome extensions, fake iPhone giveaways, browser spam subscriptions, and tech support scams.
Earlier this month, Google began rolling out a new feature called Google Search Generative Experience (SGE) in its search results, which provides AI-generated quick summaries for search queries, including recommendations for other sites to visit related to the query.
However, as SEO consultant Lily Ray first spotted, Google's SGE is recommending spammy and malicious sites within its conversational responses, making it easier for users to fall for scams.
BleepingComputer found that the listed sites promoted by SGE tend to use the .online TLD, the same HTML templates, and the same sites to perform redirects.
This similarity indicates that they are all part of the same SEO poisoning campaign that allowed them to be part of the Google index.
When clicking on the site in the Google search results, visitors will go through a series of redirects until they reach a scam site.
In BleepingComputer's tests, the redirects most commonly lead you to fake captchas or YouTube sites that try to trick the visitor into subscribing to browser notifications.
It is unclear how these low-quality sites are making it into Google's AI-powered search algorithms.
However, as AI becomes a more significant part of how we search online, it is becoming increasingly clear that we cannot automatically trust the information these algorithms produce and must verify sites before visiting them.
Google told BleepingComputer that they continuously update their systems and ranking algorithms to protect against spam. However, spammers also evolve their techniques to evade detection and get their content into the search index, making this a game of cat and mouse.
"We continue to update our advanced spam-fighting systems to keep spam out of Search, and we utilize these anti-spam protections to safeguard SGE," Google told BleepingComputer.
"We’ve taken action under our policies to remove the examples shared, which were showing up for uncommon queries."
Remove Google Chrome notification spam
As most of the scam sites promoted by SGE lead to unwanted browser notification spam, learning how to unsubscribe from them is essential.
To unsubscribe to browser notifications from a site, you can open the notifications settings page in your browser to see a list of sites that you are subscribed to.