TraceSecurity Conducts Experiment That Reveals How Fake Sites Trick Search Engines

Baton Rouge, Louisiana — December 8, 2009

TraceSecurity, a leading provider of comprehensive, on-demand security compliance and risk management solutions, has released the results of an 18 month experiment to expose how easily search engine listings could be poisoned by malicious schemes.

The scope of the study involved mimicking the website of a real credit union on a “spoofed” domain to discover if search engines could be manipulated into linking to the fake website when someone performed a search for information about the real credit union.  The experiment had two primary goals: to discover the extent to which search engines could be manipulated by fraudulent websites, and also determine if anyone would be tricked into connecting to the fake site.

The experiment worked the way Stickley thought it would.  Not only did the search engines locate and index the fraudulent site soon after the experiment began, but some search engines even ranked it right along legitimate links to the credit unions actual site.  In many cases, the search listings actually ranked the phony link at or near the top of the search results.

The results of the study, based on data collected from May 9th, 2008 through November 12, 2009, indicate that Yahoo was the first search engine to return a listing for the fake website, only 1 day into the experiment.  Bing listed it 5 days later and Google acknowledged the link within its search results 30 days into the study.

Information collected during the year and a half experiment show that 10,568 people connected to the fraudulent site.

Complete details on the experiment can be found at TraceSecurity’s website or by clicking on any of the links below:

Full Article - Search Engine Results Poisoned by Phony Listings
MSNBC.com - Fake sites trick search engines to rank higher
Credit Union Magazine - Phony listings poison search engine results

About TraceSecurity
TraceSecurity is the market leader and pioneer in security compliance and risk management solutions, delivering cloud-based services to help organizations achieve, maintain and demonstrate security compliance while significantly improving their security posture.

TraceSecurity is a leading provider of IT security compliance and risk management solutions. With over 1,000 customers, TraceSecurity supports the security and risk management efforts of organizations in financial services, healthcare, insurance, government and other regulated sectors.

TraceSecurity’s, flagship TraceCompliance Manager is the first comprehensive software-as-a service platform to integrate and automate vulnerability assessment, vulnerability alerting, regulatory compliance audits, policy management and dissemination, file/URL integrity monitoring and employee education and testing. Through a combination of its software and professional services solutions, TraceSecurity helps clients address all critical components of a successful IT Security Compliance program, including people, process and technology.

The company's expert professionals provide comprehensive security assessments that include vulnerability assessments, penetration testing, application layer testing, IT audits and risk assessments. The team also provides security policy development, security awareness training and social engineering assessments.

For more information, visit TraceSecurity’s website or call (800) 599-6077.

# # #

Note: TraceSecurity is a trademark of TraceSecurity, Inc.

FOR IMMEDIATE RELEASE:
Dariel LeBoeuf
225-612-2153
dariel@tracesecurity.com