51 % of website hacks are in some way connected to SEO spam
Decades after the invention of the Internet, search engine optimization is looked upon as something of an arcane craft.
Complicated and poorly-understood by laypeople, it’s an easy target for spammers and scammers looking to make a profit with little to no effort. The good news is that defending yourself starts with the right knowledge.
As long as search engines have existed, there have been people who try to abuse their algorithms to make a profit. Scammers who care less about providing anything of quality than they do about gaming the system for personal gain. In the early days of search engine optimization (SEO), it was hard to tell the difference between these “black hat” SEO professionals and everyone else.
As companies like Google have continued to tweak and refine their algorithm, the gulf between legitimate SEO and spam has grown increasingly wider. As we’ve gained a better understanding of the rules surrounding content creation and optimization, it’s become easier than ever to recognize scammers for what they really are. Not that it’s stopped them from trying.
From robocalls to content theft to outright hacking, scammers and spammers have a whole range of tricks in their repertoire. Awareness of their tactics and techniques is the first step to protecting yourself against them.
The tactic: We’ll start with the most damaging — mostly because it involves actually attacking someone’s website. According to research released by cybersecurity firm Sucuri, 51 percent of website hacks are in some way connected to SEO spam. The most common of these is what the organization refers to as “search engine poisoning,” where criminal attempts to monetize a site that’s high in the rankings.
How they do this varies.
They may redirect visitors to spam pages they’ve created when they visit the website. They might create a host of new websites and pages in a server’s root directory, masking them as subdomains of the original site. Or they might simply play the waiting game, infecting visitors with malware or ransomware, unbeknownst to the site’s owner.
How to protect yourself: Search engine poisoning isn’t actually as egregious as you might think. It’s not always obvious that your site is infected. If you aren’t paying close attention to the Google Search Console, this can easily escape your notice.
To prevent that from happening, verify your property with Google’s Search Console. It will then notify you of any suspicious activity. You can also keep an eye on the search terms that people are using to find your site. If the keywords are completely unrelated to your content, you’re probably compromised.
That aside, follow some of the following basic website security practices:
- Don’t use the default username and password for your admin login. Change both, and make sure your password stands up to scrutiny using a tool like Kaspersky’s Secure Password Checker.
- Keep your software up to date. Don’t slack off when it comes to applying security updates. Patches should be applied the instant they become available.
- If you’re using WordPress or a similar platform, consider installing some plugins to help you manage security and reduce SEO spam.
The tactic: As artificial intelligence continues to gain prominence, spammers have seized upon the technology to flood the web with fake content. Perhaps unsurprisingly, this content is usually little more than a hodgepodge of buzzwords and jargon. It’s ultimately valueless, meaningless, and incoherent.
Yet it could still be enough to fool search engines, at least in the short term. As a proof of concept meant to represent the risk, this could pose, marketing agency Fractl used a tool designed to detect and generate fake news to create its own AI-generated blog.
And note that this is the technology in its early stages – as artificial intelligence continues to gain ground, things could get a whole lot worse.
“From my point of view, this is sort of a new era of risk for Google and other search engines – and the Internet as a whole,” Kristin Tynski, Co-Founder and SVP of creative for Fractl, told marketing-focused publication Adweek. “It seems like the beginning of an arms race between Google and content spammers.”
How to protect yourself: Put some effort into your own content. Assuming Google’s own algorithms can keep up with AI spam, then human-generated content will always outshine it. And if it can’t keep up?
There’s not a whole lot anyone can do.
The tactic: Plagiarism is one of the oldest tricks in the book, and the Internet has made it easier than ever. As anyone who’s created anything even remotely popular online will tell you, there’s no shortage of lazy hacks who will try to claim that work as their own. Content spinning is sort of the “next level” of plagiarism.
It’s stealing someone’s content and changing it just enough that it appears to be unique. You don’t even need to do it by hand anymore, either. There are plenty of content spinning tools on the web that automates the process – some of them even make bold claims about being “good enough to fool Google!”
Yeah, it’s disgusting.
How to protect yourself: I have some good news. Content spinning doesn’t work. As aggravating as it might be to see someone trying to profit off your stuff, you can take comfort in that fact.
As noted by Andy Crestodina, Co-Founder and CMO of web design agency Orbit Media, there are a few reasons for this.
Spun content is awful. When you “spin” a piece of writing using an algorithm, you’re more often than not left with a barely-coherent word salad.
Google hates spun content. The company has released multiple algorithm updates intended to crack down on spun content to great effect.
Spun content doesn’t generate engagement. Social shares and likes might not be ranking factors, but they do bring in more traffic and create more on-page engagement.
The tactic: You have a phone call from a number you don’t recognize. Answering the phone, you receive news that makes your blood run cold. Your website has been flagged for removal by Google, and your livelihood is at stake.
Except it isn’t.
SEO robocalls are the latest, most prominent blight facing webmasters around the world. They usually hit a few beats. The caller claims to be a representative of Google or a Google-certified partner with some inside information on your site.
They then try to frighten, bully, and browbeat you into giving them money. Because they claim this is the only way to keep your listing intact.
How to protect yourself: Hang up. Do not engage. Do not even entertain the thought of staying on the line to mess with them.
And understand that, with the exception of a few extremely rare circumstances, Google will never contact you over the phone about your listing. It will either notify you through the Google Search Console or not at all. It’s right there on the company’s own help site.
The tactic: Google Alerts is a great way to keep yourself up-to-date on the topics and keywords that are relevant to both your interests and your audience. Everybody knows that, including spammers. Not surprisingly, this means some of them are trying to abuse the Google Alerts algorithm to push their own garbage onto people.
How it works is quite simple. A spammer floods the web with keyword-stuffed thin content tied to a malicious website. That content shows up in Google Alerts emails, and accesses said website.
How to protect yourself: The good news about this tactic is that it’s neither widespread nor particularly difficult to avoid. Just pay attention to the sites that show up in your Google Alerts. A bit of mindfulness goes a long way here.
The tactic: We’ve all gotten an email or a message like it. Someone reaches out to us claiming to have some sort of inside track on SEO. They boast about how many websites and blogs they manage, and make bold claims about the heights to which you can take your content with their help.
All the while, it’s obvious they neither know nor care who you are and what you do. This breed of scammer falls into one of two camps. Either they know almost nothing about SEO and are trying to pretend as though they do, or they’re completely aware they’re trying to fleece you.
How to protect yourself: Ignore them. There are no guarantees in SEO. Moreover, SEO agencies that are genuinely worthwhile don’t need to cold call their clients with empty promises and tall offers.
Conclusion
SEO and spam have gone hand-in-hand since the earliest days of search engines. Yet as the craft of search engine marketing has grown more refined and the web more mature, the gulf between the two has grown wider and wider. These days, as ever present as SEO spam may be, it’s easy to recognize, provided you know exactly how and where to look for it.