Deepfake clickbait tops Google search results for harassment victims
The findings highlight how loopholes in search engine optimisation (SEO) ranking allow malicious actors to hijack trusted domains and push fraudulent links above credible news coverage, effectively re-victimising survivors
Google's search algorithm is being exploited by attackers to push pornographic clickbait into search results for women who have already been targets of online abuse, a new report by research group Dismislab said.
The findings highlight how loopholes in search engine optimisation (SEO) ranking allow malicious actors to hijack trusted domains and push fraudulent links above credible news coverage, effectively re-victimising survivors.
One case involves Archita Phukan, known online as "Babydoll Archie," whose Instagram profile amassed more than a million followers before being impersonated through AI-generated images. Investigators said her former partner profited about 1m rupees ($12,000) from fabricated explicit content before his arrest in July.
Keep updated, follow The Business Standard's Google news channel
Despite the account's removal, searches for Phukan's name on Google returned "18+/XXX" clickbait links at the top of results, often outranking legitimate reporting. Dismislab found that more than half of the results for her name on July 21 were spam pages.
According to cybersecurity experts, the abuse stems from SEO manipulation. Attackers exploit vulnerabilities in university, government and corporate websites — including Cornell, Columbia, MIT, New York State's official portal and Dell.com — to plant hidden spam pages. Because Google's ranking system gives extra weight to .edu and .gov domains, the links are elevated to the first page of results.
Rather than hosting explicit material, most of the links redirect users through chains of websites to pornography or betting platforms, monetising traffic along the way. Dismislab said this tactic was replicated across searches for other harassment victims, including a Bangladeshi teacher, showing a broader pattern of abuse.
Google rolled out its "Site Reputation Abuse" policy in May to curb the practice, aiming to demote third-party content published mainly to exploit ranking signals. But researchers said slow update cycles mean cached spam headlines often remain visible even after pages are removed, while new compromised domains quickly emerge.
"Technology is showing its bias and insensitivity in re-victimising women survivors," said Manisha Biswas of the Bangladesh Legal Aid and Services Trust (BLAST). "This encourages crimes such as doxxing, sextortion and the spread of non-consensual images."
