SEO Poisoning Is Abusing LLMs

Key Findings

• ZeroFox has identified an escalation in Search Engine Optimization (SEO) poisoning campaigns using novel tactics, techniques, and procedures (TTPs) to abuse artificial intelligence (AI) large language models (LLMs) in order to increase the credibility of search results.

• ZeroFox assesses that threat actors are successfully tricking LLMs into believing these contact numbers and methods are credible by creating pages as questions, injecting them as PDFs into legitimate sites, and reposting them on long URL lists such as Pastebin and as comments on “crowd sourced” forums.
  • The threat actors are purposefully exploiting the .gov and .edu domains due to their “reputation.”
  • This is also being mirrored as comments on crowd-sourced forums like Goodreads or blog-style sites such as the ZohoDesk knowledge base. 

• These campaigns are likely to ultimately lead users to divulge their personally identifiable information (PII), suffer monetary losses, and cause reputational damage to the original brand. 

Details

In recent weeks, ZeroFox has observed an increase in SEO poisoning campaigns abusing AI LLMs. While SEO poisoning is not a novel tactic, the abuse of LLMs presents an escalated risk to unsuspecting victims due to the credibility these AI models have with the wider public. 

SEO is the practice of optimizing a website or content so that it appears higher in search engine result pages. Threat actors will “poison” SEO, exploiting the credibility of the top search results in engines such as Google or Bing in order to drive users to malicious websites or to pages that host fraudulent activity. This campaign poses a particular risk to businesses when threat actors exploit legitimate companies and brands as part of larger activities—either by directing victims to phishing sites, where they download malicious files and infect themselves, or by falsifying support hotlines and fake contact information. Ultimately, this can lead users to divulge their PII and suffer monetary losses, as well as cause reputational damage to the original brand. 

In searching how to contact a certain company in the travel industry, ZeroFox observed one of the first search results was a PDF file hosted on the University of Michigan’s share drive that contained falsified contact information. 

Digging deeper into the documents uploaded to the University of Michigan's share drive, ZeroFox observed dozens of these PDFs containing falsified contact details shared in the past 24 hours for multiple different entities across industry verticals. ZeroFox assesses is likely this content is being hosted on legitimate sites to increase its credibility.

Once the content has been initially hosted on legitimate sites, the threat actors recollect and repost this content on unaffiliated forums, such as Goodreads, and share it in long URL lists through Pastebin. This is likely to increase the chances of the content being indexed. Overall, these TTPs are indicative of classic SEO poisoning.

However, due to the quantity of these posts, the legitimacy of the sites where they are being hosted, and the multiple environments they are being shared across, LLMs are interpreting them as “legitimate” phone numbers and contact mechanisms. LLMs such as Gemini or CoPilot have a source-scoring methodology that is tied to the domain from which the content is being pulled. “Reputable” top-level domains (TLDs) like .gov and .edu are generally perceived as more trusted sources.  ZeroFox has identified fake contact methods and numbers uploaded to legitimate sites, including—but not limited—to: 

• knightadrc.wustl[.]edu
• intelligencestudies.utexas[.]edu
• mycehd.tamu[.]edu
• forms.business.colombia[.]edu
• cpm.tamu[.]edu
• spp.umd[.]edu
• gamingcontrolboard[.]pa[.]gov
• intercom[.]help
• goodreads[.]com/quotes

ZeroFox investigated the aforementioned content on the legitimate sites, as well as the associated numbers provided within the campaigns. The PDFs hosted on the sites contained fake customer service numbers and other indicators of fraudulent activity. 

Ultimately, by creating pages as questions, injecting them as PDFs into a mix of .gov and .edu websites, and using "crowd sourced" forums like Goodreads—all containing mirroring content—this campaign tricks the LLM into believing it is credible data.

This proof-of-concept has been reproduced with multiple other phone numbers, websites, and brand names. Overall, it reflects an evolution of SEO poisoning campaigns. While these campaigns are not novel, the attempts to abuse LLMs as a method to increase credibility of search engine results is an escalation in the TTPs for these campaigns. 

ZeroFox Intelligence Recommendations

• Be  vigilant for any .pages[.]dev domains.
• Implement monitoring for Pastebin domain lists. Example given:
  • how-do-i-contact-BRAND.pages.dev
  • ways-to-connect-BRAND-customer-service-via-phone.pages.dev
• Notify and collaborate with stakeholders regarding the identified fraudulent website activities and SEO poisoning strategies, as well as the incorrect contact methods being circulated. 
• Owners and IT administrators of .edu and .gov sites should be vigilant for large upticks in uploaded documents on their public-facing platforms.
  • Implement anti-bot mechanisms and/or authentication systems for said upload environments.

Scope Note

ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 10:30 AM (EDT) on July 24, 2025; per cyber hygiene best practices, caution is advised when clicking on any third-party links.

Appendix: ZeroFox Intelligence Probability Scale 

All ZeroFox intelligence products leverage probabilistic assessment language in analytic judgments. Qualitative statements used in these judgments refer to associated probability ranges, which state the likelihood of occurrence of an event or development. Ranges are used to avoid a false impression of accuracy. This scale is a standard that aligns with how readers should interpret such terms.