Backlink exploration into a panic mode
TLDR: Browser alerts be the gatekeepers, don't take the risk.
I was just looking at the monthly analytics of my Substack blog on my mobile. Then I went to Google Search Console to look at a few things, and while I was there I looked at the backlinks[1] section.
There I found a website address (for safety purposes, I’m not displaying that address in any format for now) and I wondered what it was doing here. So I clicked on that section to view the details. It was linked to my Napoleon's Canvas Journey video.
Naturally, I got curious. I mean why?
The incident
Feb 14, 2024 | 11:04 PM: I was on my mobile, copied that URL, opened a new tab, pasted, and hit go!
Chrome displayed a safety error. I was careless for a second (out of curiosity), so I hit proceed.
It displayed a loading animation and then a pop-up in the Chinese language. I panicked at that moment. Immediately left.
11:05 PM: I opened Chrome's settings and cleared the cache. Then, I cleared browsing data, including cookies and other items, for the last 15 minutes, except for browsing history. Finally, I force-stopped the app.
I had no idea what I was doing, it was like my protective instinct kicked in. I just did some safety measures I know. Of course, I regretted the action of exploring this site.
I was restless after that. I mean I wanted to know what just happened. Otherwise, I may overthink this and it will not look cool.
So from 11:06 to 11:30, I searched for the site's legitimacy. Some of these websites flagged some errors and concerns, while others gave the all-clear signal. But for me, it was not believable. Googled the domain and found that it is a brand in the Personal Care sector. Checked its FB page, and the website address matched with the same.
So I decided to open that website again, but this time, carefully watched everything.
Opened my laptop, and I found a platform that lets us access a website remotely. I typed in that "suspicious address" on a Windows 10 PC using Chrome v119.
11:32 PM: Displayed the same safety alert I saw earlier. It said something like…
Deceptive sites (also known as "phishing" or "social engineering" sites) try to trick you into doing something dangerous online, such as revealing passwords or personal information, usually through a fake website.
I clicked proceed again. Saw a loading animation and again that pop-up. I translated it into English (thanks to Chrome). It said to choose a model from the four options.
I clicked on the domain name model.
11:33 PM: It is now displaying a familiar UI in the Chinese language. Yes, it is the UI of Microsoft’s Bing AI. At this moment it is clear that it is some phishing site.
I tried to enter a message and it responded something, but everything was in Chinese. I didn't bother to translate. Closed everything and decided to dive into some research about this kind of online attack.
I typed the things that happened and the things I did into Google’s Gemini app.
I got this response back.
Relax, but stay cautious:
Closing the website quickly minimizes the potential risk. Most malicious websites need time to exploit vulnerabilities or inject malware.
Clearing your browsing data for the last 15 minutes removes any potential tracking cookies or temporary data associated with the website.
Scan your devices: Although unlikely, it's best practice to run a reputable antivirus scan on both your phone and laptop to ensure no malware slipped through.
Monitor your accounts: Keep an eye on your online accounts for any suspicious activity, such as unauthorized login attempts or changes to your personal information. If you notice anything concerning, change your passwords immediately.
Be mindful of future clicks: Avoid clicking on suspicious links or "proceed to..." buttons without knowing where they lead. If unsure, err on the side of caution and avoid them.
In the meantime, I scanned every device with built-in antivirus systems and a third-party app. So far nothing found. Monitored the device’s battery performance and it was as usual. No overheating or anything.
Just for safety, I turned off the WiFi for half an hour and then again monitored the data usage. It felt normal.
I logged out from the platforms where I usually stay logged in. Before going to bed, turned off the WiFi and mobile data on my mobile. Looked at the data usage on my ISP account, and no data usage fluctuations were found.
To some, it may feel like a person who is paranoid.
But I’d say think about which era we are living in. All it takes is one lapse in judgment or a single careless misstep to expose ourselves to potential online risks.
Also, read the below article from The Verge.
Especially this “…ChatGPT for research into targets, to improve scripts, and to help build social engineering techniques.”
Conclusion
While I've encountered browser alerts, sketchy pop-ups, and different language websites before, this one stood out. I made a curious mistake out of the blue, but it wasn't anything sketchy that found me, I just went ahead and discovered something new without knowing any better.
But I still don't understand how it became a backlink for my blog.
So again asked Gemini.
These are the possible reasons behind this tactic.
Negative SEO
Black hat SEO
Content scraping
Accidental linking
Misrepresentation
Unfortunately, I didn't record the screen in any way. I thought I’d take that while writing this blog. Anyway, I again tried to access this website on the 15th and 16th. But now it is showing a “404 Not Found” error.
As a first-time experience and to be extra cautious, I decided to give it two days before publishing my blog. My goal was to make sure that I wouldn't be unknowingly opening any doors to potential problems.
I have the option to Disavow the backlink. Looking into that, it’s a little bit tricky.
Just to be extra safe, I created backups of the most important things.
Lesson learned. Never again.
The whole point of this blog is to help at least one person out there. If it does the trick for someone, then I believe it's done its job!
Also read “The dark side of ChatGPT: Hackers tap WormGPT and FraudGPT for sophisticated attacks”
[1] A backlink is a link from some other website to that web resource.