Pay Attention to the URL in Google
Below every result title there’s a URL in green. No matter what the title says, this URL is where your click will take you. Unfortunately, cyber-criminals will often list their site with a familiar and trusted title but link you to their scam/malware pages.
For example, the title could be your bank name (eg, Example Bank), which seems legitimate, but the URL could be www.baabpjhg(dot)com which is obviously not your bank. Sometimes they’ll attempt to trick you by putting the real site into the link too, eg www.baabpjhg(dot)com/examplebank.com which makes it even more likely to catch you when skimming through results quickly. When you visit the page, it might look exactly like your bank’s site and ask for your login details, which are then harvested for attack. While gibberish in the link is pretty easy to spot, sometimes they’ll take advantage of a small typo that you can easily miss. For example, www.exampebank(dot)com (missing the letter L). Another way to avoid this is to enter the URL of the site you want to visit directly in the address bar, instead of searching for the site.
Notice Google Search Results vs Paid Ads
Google does a pretty good job at making sure the most relevant and legitimate sites are at the top of the list. However paid ads will usually appear above them. Most of the time, these paid ads are also legitimate (and you can quickly check the URL to verify), but occasionally cybercriminals are able to promote their malicious site to the top and catch thousands of victims before being removed.
Believe Google’s Malicious Site Alerts
Sometimes Google knows when something is wrong with a site. It could be a legitimate site that was recently hacked, a security setting that’s malfunctioned, or the site was reported to them as compromised. When this happens, Google stops you clicking through with a message saying, “this website may be harmful” or “this site may harm your computer”. Stop immediately, and trust that Google has detected something you don’t want in your house.
Enable Safe Search
You can filter out explicit results by turning on Google Safe Search. While not strictly a cyber-security issue, it can still provide a safer Google experience. Safe Search is normally suggested as a way to protect browsing children, but it also helps adults who aren’t interested in having their search results cluttered with inappropriate links, many of which lead to high-risk sites. Switch Safe Search on/off by clicking Settings > Safe Search.