Search Engine Optimization (SEO) poisoning basically comes down to getting your web page high in the rankings for relevant search results without buying advertisements or using legitimate, but tedious, SEO best practices. Instead, threat actors use illegal means to push their page to the top. Sometimes, this technique is also referred to as black hat SEO. (Although the people selling these services will refer to them as “link building services.”)
So how does SEO poisoning work? And is it something site owners should actually try? Or should they avoid it at all costs?
SEO is short for Search Engine Optimization and it is a marketing strategy that is designed to make sure that your website is found if people search for certain keywords that are relevant to your business. The ranking of a site in Google’s search results is primarily based on how well the page is optimized, but it’s also based on “reputation.” The reputation of a page is calculated using the number of inbound links pointing to that page. It helps a lot if the incoming links come from pages that are about the same or related subjects, but a large amount of links coming from all kinds of sites helps as well.
Why focus on Google?
In this article, we will focus on how SEO works for Google. This is for a few reasons:
- Google is by far the most popular search engine, despite mighty efforts by their competitors. The fact that “Googling” is a verb in many languages should tell you enough.
- Google is relatively open about how its algorithms work, and you can find a lot of information if you want to improve the ranking of your search results, which is what SEO is all about. For good results, it’s imperative that web developers keep an eye on new updates and how these updates might influence their SEO strategy.
- Google is the industry standard in this field, and because of this many available SEO tools are limited to or aiming for Google results.
How does link building work?
Search engines want to serve you authoritative pages on the subject that you are looking for. One of the determining factors for the ranking in the search results is called the Page Authority. As you can see in the example below, the page authority is not just a matter of how many incoming links there are. And it is also not the only factor that determines your ranking in the search results. Even though the BBC site has more “page authority” on the keyword of “spyware,” the Page Authority calculation is based on many other factors and seems to take into account that detecting spyware is part of Malwarebytes’ core business.
Authority calculations and screenshot made with Moz Pro
So, a good method to be seen by the search engine’s algorithm as an authority in a certain field is to attract incoming links. And it is important that these links come from other authoritative sites in the field that your page aims to rank high for. Quality really outweighs quantity here. To accomplish this, you need a well-written and cleverly formatted (optimized) page that people will point to if they want someone to read an informative or explanatory piece.
When does link building become SEO poisoning?
If you are lazy, you can’t spend the money to hire someone, or it’s just plain hopeless to become an authority due to heavy competition in your field or for your keywords, you might consider buying incoming links from a black market vendor. These threat actors will usually have, or be able to obtain, a multitude of compromised sites that they can use to post links on. Another method that they may use is to spam forums with the help of spambots. So, we draw the line at whether the site owner agrees with the links being posted on his site.
Contrary to popular belief, posting links on social media like Facebook and Twitter does not help to improve a page’s SEO. The links on social media are “nofollow” links, and Google’s bots will not follow them or add them to your tally of incoming links. Google+ is an exception to this rule. I wonder why.
A quality link from an authoritative site weighs heavier than a lot of low quality links.
Pure malicious purpose
A recent example where SEO poisoning was used successfully is one where link building was done purely for malicious purposes—to infect visitors. By adding keywords and links in hacked websites, threat actors were able to get malicious pages ranked at the top of the Google search results for specific and carefully-chosen queries. The desired queries were banking and financial questions, and visitors of the ranked pages were infected with a banking Trojan.
Are all link building services bad?
No, that’s not what we are saying. But the services offered on black hat forums with a “no money back guarantee” should be examined with a 10-foot pole and a disinfected microscope. If you are not an SEO professional and SEO is just a by-product of trying to sell your goods or services, then by all means, contact a professional and see what they can do for you.
Just make sure you don’t end up sponsoring some malware author who goes around hacking legitimate sites and who may end up ruining your reputation. Because there are ways to investigate whether you have used black hat SEO techniques to boost your search rankings.
Is SEO poisoning actually recommended?
It is not recommended for several reasons:
- It’s not effective. With Google’s new search engine algorithms, black hat SEO is far less effective than it used to be, but is still offered by malware actors on underground markets.
- There are negative side effects. If Google or others sniff out your method, this might ruin page or domain authority, as well as professional reputation.
- It doesn’t come cheap. In the long run, you may end up spending a lot of money—money much better spent on legitimate and long-standing methods for success, such as hiring an SEO professional on staff or working with a consultation on learning best practices.
Not to give you any ideas, but you can also buy negative link building services for your competitors. As appealing as it may sound to have your competitors’ product associated with the keyword Viagra, we do not recommend using these either.
The best long-term solution is to work hard and play fair using legitimate SEO tactics to boost your page rankings. If you aim for a cheap and easy way around SEO, you’ll get exactly what you paid for: a whole lot of nothing.
*** This is a Security Bloggers Network syndicated blog from Malwarebytes Labs authored by Pieter Arntz. Read the original post at: https://blog.malwarebytes.com/101/business/2018/05/seo-poisoning-is-it-worth-it/