Investigating the negative SEO threat

By Eric Vanderburg, Information security executive

I read a recent Power More article by Mark Schaefer said that SEO content today is about insight rather than quality, and this reminded me of a case I worked on. As many of you know, one of the many hats I wear is that of a cybersecurity private investigator. A client called me to report that his website was no longer showing up in Google search results. The cause became apparent shortly after we started investigating. Someone had built hundreds of websites that listed certain key search terms frequently. Not only did these sites rank higher than my client’s site, but they also warned users that my client’s site was allegedly defrauding its customers. We were dealing with a negative SEO threat.

The world of search engine optimization (SEO) is one where the rules are constantly changing. The big search providers change their criteria for ranking sites and individuals who understand SEO then modify Web pages and processes for promoting their sites, so these sites can appear in more search results and gain more business. Overall, the process is a positive one, resulting in better search results and more refined websites. However, some SEO tactics are not so benign.

For example, search engines used to rank sites based on how many times their site was linked to by other sites. In response to this, some companies created many bogus sites with links back to their site to influence their search rank. Much of the blog spam that contains embedded links utilizes this SEO tactic, and the end result was a SEO bubble of sorts where some site ranks were greatly inflated. Search users had to wade through too much garbage to find real content so the search providers changed their strategy to assign a quality ranking to inbound links. Sites were penalized if many low-quality links referenced their site in an effort to discourage their use, but this also less idealistic individuals the tools to attack others using by performing actions that penalize competitors or other targets.  

Negative SEO techniques are being used on targets such as competitors or those with opposing viewpoints to lower their search rankings and diminish their Web presence. In my client’s case, the pages that the sites mentioned his brand also mentioned other company brands in other areas on their sites, implying a negative SEO service for hire. Research on the sites themselves was inconclusive as the sites were hosted at various locations around the world with fake contact information.

Tracking down the SEO source

The first step in combating negative SEO attacks using inbound links is the disavow tool. However, these sites did not link back to the official company site so a different tactic was required. The sites that listed the client also listed other companies, so we researched them to try to find a common thread. Unfortunately, no common element was found, which led further credibility to the theory that this was done through a service. We contacted some of the companies and asked whether they conducted an investigation and whether they would be willing to share information but found that an investigation was not performed or they were not willing to share information.

Our next course of action was to perform more active probes. We set up accounts at various service broker sites, which I like to call “micro-outsourcing” sites, such as Fiverr, Gigbucks, Tenbux. We then searched for SEO-related services and purchased those in which the description implied that black hat techniques might have been used. We created several test sites and monitored search results for the sites to see where the traffic was coming from.

We eventually saw activity from a few of the sites that were initially used on our client so we traced the key term back to the transaction and worked with the micro-outsourcing vendor to identify the user and IP addresses used to log on. We then coordinated with local law enforcement officials in that country to prosecute the individual and also to obtain information on the entity that contracted the work against our client.

In the end, the lesson learned was that companies need to pay attention to their SEO, but also to potential negative SEO campaigns and know the tools and companies to work with if they are targeted for such an attack.

Information in this blog post was intentionally vague and some facts were changed to protect the identity of those involved.

This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.

About the Author: Power More