‘Secret’ searches with Google Dorks – are you secure?

September 29, 2016

In 2016 an unbelievably high amount of people rely on search engines to find vital information – and businesses need sites such as Google to reach customers, with both Search Engine Optimisation (SEO) and Pay Per Click (PPC) two bespoke marketing professions whose job it is to increase visibility via sites such as the American search giant.

Google searches 100 trillion pages, but what many businesses may not know is that information they don’t want to reach the public domain can sometimes end up on the internet’s biggest shop window – including passwords, usernames, emails and other sensitive information.

If the search engine indexes a page or file, this could be found by anyone who knows the right things to look for.

Whilst common searches would almost certainly never find these documents as they would never ‘rank’ in high searches, it is possible to ‘talk’ to Google in a slightly different language which can find files which otherwise wouldn’t be found – and you wouldn’t want to be found.

These Google ‘Dorks’ offer a way to find hard to reach information using simple commands.

Here’s some simple examples:

 

Site:examplesite.co.uk – this prefix will ensure a search is restricted to the website mentioned.

Filetype:xls – this search will restrict all results to Excel spreadsheet documents.

intext:password – this search will include results with the word or phrase used.

 

Alone many of these may seem far too vague – but if you combine them, they can get much more specific:

 

Site:examplesite.co.uk filetype:xls intext:password

 

This search is now searching a specific website, for a specific file which includes a keyword that may include sensitive data.

It is crucial that employees understand that information which is indexed by Google can be found – so make sure it is only content which you want in the public domain.

You would be surprised at what can be found via Google which could put your business’ finances or reputation at risk if in the wrong hands.

Ensuring staff in charge of uploading and updating items online are aware of the risks and know where they should keep relevant files which are not for prying eyes is crucial to rebutting this type of ‘secret’ search

For more information on the range of cyber security training available at our Cyber Security Centre, call 01254 54659 or email [email protected]

Need more help finding the right opportunity?

Complete the following details and we will get in touch.