When searching the Internet, it is important to make sure that the link you click on is a legitimate web page. Cybercriminals are becoming more and more sophisticated, and not just because of the tools at their disposal. to access your personal data, but also in the way they encourage victims to open the door to them.

Sophosa cybersecurity company, warns cat lovers to be careful when searching for information online. Specifically, enter six words into your search engine and then “click on malicious adware or links disguised as legitimate marketing, or in this case, a legitimate Google search.” This could result in your personal information, such as your banking details, being stolen.

These are the 6 words you should not type if you don’t want your computer to be hacked

Earlier this year, a new variant of GootLoader was detected, prompting an extensive threat hunting campaign by Sophos X-Ops Managed Detection and Response (MDR). As is usually the case with a Gootloader, which is a type of malware, it turned out to be using search engine optimization (SEO) poisoning. This is a technique for placing malicious websites at the top of web search results, tricking unwitting victims into clicking the link.

The exact six words in question are “Are Bengal cats legal in Australia?” » Those who clicked on fraudulent links resulting from this specific search reported having their personal information stolen.

Typically the website will contain the information the person is looking for, usually contracts or other legal or financial documents. During the MDR investigation “The threat actor was using SEO poisoning through an easily accessible online forum found through a simple Google search.”

The user was looking for “Do you need a license to own a Bengal cat in Australia”, which caused a malicious URL to appear first in search results list explained Sophos. After the user clicked the link, they downloaded a .zip file which initiated the first phase of the hack. In the case of the particular user described in the report, the third step, the full deployment of the malicious tools, failed.

The cybersecurity company warns that “users still have to search for search results and search ads that seem too good to be true in areas that are off the beaten track.