The SEO industry has undergone a sea change over the past few decades, in parallel with search engines such as Google ensuring their algorithms become better and better at helping users find exactly what they’re looking for at any given time.
While many may consider that ‘black hat’ SEO techniques are resigned to the history books, there’s still an element of cat-and-mouse when it comes to attempting to stay on top of, and potentially outsmart, Google’s steady stream of core updates.
One particularly malicious form of organic manipulation is that of negative SEO attacks, which we’ll take a deep dive into today.
Negative SEO is the malicious practice of attempting to harm the standing of a website in the eyes of Google. Such attacks are aimed at diminishing the positive impact of SEO activities and damaging the rankings – and therefore organic traffic – that a site receives.
While not all aspects of negative SEO are actually illegal in terms of statute, it’s definitely an underhanded practice and one considered very much in the ‘black hat’ realm of the murky underbelly of the industry.
It will probably come as no surprise that negative SEO attacks are largely carried out by a website’s competitors - particularly in highly competitive industries such as betting, porn and finance, where grey and black-hat tactics are commonplace as the more unscrupulous companies attempt to keep pace with their respective industry’s heavyweights.
Search engines such as Google have done an awful lot to mitigate against, and potentially eliminate, most forms of negative SEO over recent years. However, much as is the case for SEO as a whole, there can be a (varying degree of) lag between a problem being detected and fixed at source and the residual impact in terms of dropped rankings and traffic being regained.
Some forms of negative SEO are undoubtedly effective in the short term - particularly if a competitor targets a specific, time-sensitive campaign you’re running - so it’s imperative business and website owners are aware of the different forms of SEO attack, and how to defend and mitigate against them.
There are many different types of negative or black hat SEO attack, and these constantly change as unscrupulous parties become more and more adept at keeping pace with Google’s ranking factors. The most popular negative SEO techniques in 2022 include:
This is when irrelevant or downright spammy and harmful backlinks and keywords are associated with the target domain.
Perpetrators have a range of options available when it comes to building spammy backlinks, which could be as rudimentary as building automatic forum / comment links - a la a lot of what constituted good SEO practice back in the early 2000s but is penalised in 2022 - or as sophisticated as building what could be ostensibly viewed as paid links from private blog networks (PBNs).
The association of spammy keywords with a domain largely works in the same way, with links being built either individually, or en masse, with spammy anchor texts such as porn, viagra, cannabis and other ‘grey’ industries.
You only have to take a cursory glance at a freelancing site such as Fiverr to see negative SEO services for hire from self-professed ‘black hat’ experts.
Potentially one of the oldest underhanded competitor tactics, businesses often find themselves targeted by malicious competitors intent on harming their reputation through the use of negative and fake reviews.
And with authority, expertise and trust now having substantial importance from an SEO perspective, such reviews may not only be damaging to a website’s reputation, but its SEO value too. When carried out in a sophisticated manner, fake reviews and testimonials can be tricky to distinguish from genuine ones, and companies have been known, in classic Streisand effect manner, to actually end up in more hot water than they would have been otherwise by trying to clamp down on such practices.
One of the most particularly nasty forms of negative SEO is geared around attempting to undo the hard work of a website in acquiring high-quality backlinks. Often the result of expensive, heavily targeted digital PR campaigns or nurtured publisher relationships, top-tier links have been proven to carry significant weight in terms of being an organic ranking factor.
False takedown requests see fakers imitate the genuine owner of the target website when chatting to publishers, often via email, and claim that their backlinks need to be removed as the result of a new Google policy or other falsified issue.
Given understandable site owner apprehension to being in breach of potential Google violations, this method of social engineering can be alarmingly successful. A similarly underhanded technique sees the attacker issue a false copyright or DMCA claim with the intention of having your genuine content removed at the expense of their own.
With duplicate content being relegated by Google, attacks that involve manipulation of a website’s copy are unsurprisingly commonplace. A duplicate content attack often involves the malicious party either spinning, or simply copy and pasting, your content elsewhere (often on tens or hundreds of different domains), with the hope of relegating the original source.
Search engines have become a lot more intelligent at detecting the true origin of content, so these attacks are more often than not completely in vain, but it’s not an entirely foolproof system – especially if your website is susceptible to indexing or publication date issues to begin with.
The final SEO attack we turn our attention to is perhaps the most obvious. By hacking a website or infecting it with malware, attackers are able to manipulate any and all aspects of your on-page strategy.
Sometimes, this will be as obvious as flooding your site with spammy content or removing existing pages, but on other occasions, subtler techniques will be employed, such as changing the attribution of your pages to noindex or deleting your sitemap.
With a range of negative SEO techniques available to prospective attackers, it’s crucial that you’re not only aware of what potential threats are out there, but also how to defend against them. The following are four critical black hat SEO avoidance tactics you need to consider:
The majority of leading SEO tools allow site owners to monitor their backlink profile for both new and lost links, so that either spammy links or links removed by the fake takedown request can be swiftly detected. Some services, such as Ahrefs, also allow you to tag backlinks of particular importance and set up alerts to notify you when these are lost.
It’s preferable to address the issue at source; that is, contact the sites responsible for either removing your link or adding it and asking them to either restore or remove it, accordingly. This can be an arduous task and one that may not necessarily yield positive results, either – with some particularly shady operators creating an industry out of charging an ‘admin fee’ for link removals.
In such cases, or in the event of thousands of backlinks being built en masse, thankfully Google has a last-resort mechanism in place for site owners, the disavow file. While relatively simple to upload a text file including a list of domains you wish to disassociate your website from, Google stresses exercising caution:
You should disavow backlinks only if:
You have a considerable number of spammy, artificial, or low-quality links pointing to your site,
The links have caused a manual action, or likely will cause a manual action, on your site.
When it comes to fake, negative online reviews, most major platforms, including Trustpilot and Google, offer built-in mechanisms for business owners to report malicious, fake and defamatory reviews - but as mentioned earlier, it’s important that you are certain you’re actually reporting patently false experiences.
Another aspect of online reputation management might be the natural nurturing of your user base to encourage genuine positive reviews and ratings, or at least being seen to respond to negative criticism in a measured and professional way.
In the event of your original content being passed off as originating from another source, the relatively straightforward solution is to file a copyright or DMCA claim to both the website’s host itself.
Online services such as Hosting Checker make it easy to determine who hosts a site and where, and they’ll usually have a copyright complaints or ‘abuse’ email address to send your reports to.
Depending on the standing and location of the host in question, your report may take a while to be processed, if at all. For this reason, it’s important you also file a report with Google about your negative SEO attack to have the pages in question de-indexed.
Finally, when it comes to the security of your website itself, it’s critical that you ensure any software is regularly updated, and that you have adequate protection against attacks in the form of a firewall, anti-malware tools and enhanced login protection.
Of course, the negative SEO examples we’ve explored in this article represent only a proportion of the different techniques attackers may try to undermine your website’s standing.
If you think your site might have fallen victim to a malicious black hat SEO attack but aren’t sure how to diagnose it or ensure any lost rankings are restored, our team of technical SEO experts are on hand to help. Contact us if you’d like to find out more about ICS-digital’s SEO services.