Hackers are currently utilizing search engine optimization (SEO) tactics to direct users seeking common business forums such as invoices, receipts, or other templates to redirect them to hacker-controlled domains. According to eSentire’s Threat Response Unit, attackers are currently in possession of more than 100,000 malicious Google sites that seem legitimate but rather install a remote access trojan used to gain a foothold on a network. The attackers typically then infect systems with ransomware and credential-stealers to launch further attacks.

ESentire details how legions of unique, malicious web pages are impersonating popular businesses and using SEO tactics to appear in the first few pages of a Google search term, therefore attracting more victims. The pages include businesses-related keywords such as template, invoice, receipt, questionnaire, and resume, according to a report published by eSentire on Wednesday. This tactic is becoming increasingly common, according to the publication.