Negative SEO Attacks: How to Detect & Defend?

The era of eCommerce dictates its own laws and rules for competition and survival. It’s quite possible that some of you may have never heard (let alone witnessed personally) the consequences of so-called negative SEO attacks. Indeed, as Kinsta demonstrates in a related case study, interest in this subject (measured by the number of Google queries) has noticeably increased only in the last 24 months.

That will be quite easy to match with the global pandemic which forced many businesses to go online and switch to the electronic business model, but that’s only part of the story. The graph below clearly demonstrates a rising trend that commenced 3-4 years before the pandemic.

So why do negative SEO attacks work? By its nature, it is unfair competition in the electronic space. To a great extent, modern business is also done electronically. With so much written on search engine optimization, should it be a big surprise that some of your rivals would want to compete for not only with the quality of goods and services they provide, but also more aggressively – with “black hat” SEO practices aimed to prevent you from getting more backlinks, consequently organic traffic to your website?

The analogy with physical stores located somewhere in town would be offensive graffiti drawings and writing something like “We want our money back!” on the building’s facade. It will obviously take some time before ethical standards for search engine optimization will be drawn, approved, and adopted into practice. As of now, such SEO attacks are just seen as unethical and repelled with what we have, deflecting human, time, and other resources from more value-creating activities. Just like cleaning up the mess or dealing with pests, it has to be done – unless there are reliable prevention mechanisms in place, or risks are too low to bother.

Negative SEO attacks may be seen as a “light version” of cyberattacks – a serious type of risk with the highest priority for many modern businesses (although in some classifications, those threats go together). The infamous ransomware attack on Colonial Pipeline in May forced the company to temporarily suspend its operations and pay the $5 million ransom to the hackers. Now, remember that it was only one example in millions. According to SonicWall, the number of ransomware attacks has jumped to a record-breaking 188.9 million in the second quarter of 2021.

Hacking the competitor’s website is a possibility, but many see that threat separately from easier ways to mess up with competitors’ electronic presence without hacking into their systems. After all, cybercriminal activity requires high competence from the performing party. On the other hand, more common negative SEO tactics can be mastered much easily, see for yourself:

Detection of cyber threats is what is done by risk managers in the first place. It gets harder when you don’t know what to detect. As CFO informed, a relatively recent survey revealed that more than half of C-suites had experienced a significant occurrence of previously unidentified risks (apart from coronavirus) within the last couple of years.

Although there are tools specifically created for the detection of negative SEO services, they can all be traced with indirect indications, such as:

• Traffic depletion
• Lower-ranking positions for no obvious reason
• Filtering engaged by search engines
• Technical difficulties, such as unusually long page loads
• User complaints

If you want to be sure, try Google Analytics. Although its functionality is limited in comparison with more specialized and sophisticated solutions, and the job of analyzing backlinks is done manually, it is quite possible. Plus, it is still the most popular tool for web analysis, as it follows from statistics.

In the example below, we may see referring resources from which visitors come to a known Russian information website specializing in the field of accounting and corporate finance. Because of its location and main target audience, most of them are Russian-speaking. That explains Yandex being the most influential search engine in this case. The website is apparently actively promoted on social media (Facebook, VK.com). There are a bunch of theme-based websites within the top dozen of referrals and lower, but no malicious websites whatsoever. Nothing to worry about at the moment.

On the other hand, website spamming checkers offer a more thorough display of all external backlinks which lead to your website. With them, it is possible even to trace the ongoing negative SEO campaign and act proactively. Moz Spam Score Checker, for example, allows checking spam scores upon completion of spam analysis. Sadly, as of now, it is not freely accessible to everyone, but only to pro subscribers. If what they say is true, soon they’re going to make it freeware.

Negative SEO Not Only on Purpose

There is yet another side of it. With so much business automation (RPA included), it is not for certain that spam links against your website were placed by competitors adhering to unethical standards. We’re halfway in the era of virtual reality: thousands of backlinks are generated automatically nowadays. Could it happen that some of them became a weapon in unfair competitive play? Quite possibly.

That’s the reason why it may sometimes be so difficult to prove evil intentions. Instead of jumping to conclusions straightway, modern companies perform thorough SEO audits – that includes backlink analysis. The website’s profile may already be corrupted with toxic backlinks, and sometimes it is impossible to tell someone’s purposefully adding to that list. Understandably, this doesn’t free you from the duty to remove negative links from Google.

Tackling negative SEO depends on the type of tactics being used against you. The most serious and potentially damaging cyberattacks (the act of hacking into your electronic systems with a purpose to steal corporate secrets, force the server to go down, or stall functionality of the website) require thorough preparation at all levels of the business structure. There is a common understanding that cyber risks – the “scourge” of the electronic era – will affect everyone, sooner or later. It’s not about “if”, but rather about “when”.

There are two main theories of how it is better to arrange the system of internal controls. Time runs fast. It seems sometimes like yesterday the US Congress enacted the famous Sarbanes-Oxley Act, dramatically reforming American corporates’ approaches to the formation of the systems of internal control. At the beginning of the 2000es, the Internet was a gimmick in many economies, and hacking activity was also in its infancy. Not a big surprise then that many companies used to put all the bets on detection rather than prevention.

Even now they have their reason, of course. If all employed internal control tools were preventive, how would you know you’ve been hacked in the first place with no alarm sounded? On the other hand, detection alone is only half of the story. Even an alarm system can’t prevent a house from being robbed if it is not accompanied by safe door locks. Taking into account the extreme severity of the cyber risk, modern corporations employ a wide and balanced selection of sophisticated instruments of internal control to:

• Detect cyber security breach as soon as possible,
• React to it as effectively as they can,
• Otherwise, the consequences would be disastrous.

Removing Negative Links from Google

Combating toxic backlinks can be bothersome, depending on how you are going to deal with them. Even with specially designed tools, the process would likely mean laborious cycling through long lists of “suspects”, picking one spam backlink after another and disavowing them with Google’s Disavow instrument. The task of forming the list of links to be disavowed and uploading that list is still done manually and may be time-consuming.

The good news is that in most cases, disavowing backlinks is not necessary at all. As John Mueller said, Google is able to ignore inbound spamming from suspicious resources, so do so only if the spam threat is considered by your corporate standards, or there is high probability of manual action caused by the link.

Apart from that, it is always possible to get in contact with webmasters, asking them to remove links pointing at your website. If they don’t, try filing a complaint to the webmaster support service.

If the evil intention was to remove your backlinks from resourceful websites, try doing the opposite to what the offending party did. Odds are that they sent a fake letter to webmasters of those resources, pretending to be you and asking to remove the link on your behalf. If that was the case, try explaining the situation and ask to get it back.

Dealing with Content Spamming

If you are a renowned information website, competitors will likely steal your content. Sad but true – that’s an almost inevitable cost of that business activity. In some cases, wider distribution of your unique content does a good job by serving promotional purposes. This happens in case of republication of a piece of news or an article (originally published on your website) somewhere else. It may be a news aggregator, for instance – a platform that collects and arranges news from various sources in a certain manner. In that case, it is good because the reference to the site of origin will most surely be there.

It is worse when there are no references, so valuable content is simply stolen. The platform is normally used to validate the uniqueness of a certain text, right? But you know 100% that either you or your company’s copywriters have created it, so appearing somewhere else (the tool will raise the red flag and indicate the source of possible plagiarism) means two possibilities:

• Either someone republished your content, adhering to all rules, which may even be good, or
• Someone just stole it.

Your corporate rules may allow republication only upon direct written permission, whether there will be a reference or not. After all, if you are a truly renowned organization, having a backlink on a suspicious resource is the same as having a spam backlink we dealt with earlier.

Moreso, if it is a suspicious resource, there will likely be no reference whatsoever. Even so, the threat may still be limited because when you are already a business shark, why should you care for the plankton? Besides, it is still possible to inform Google’s (and other search engines’) support services and ask them to remove the website with stolen content from ranking. Filing a suit for copyright infringement is also possible sometimes.

Finally, combating dark PR practices in social media requires staying in close and permanent contact with your target audience, so those people would know for sure who is who. Comments to your posts on social media may serve to inform on malicious fake accounts which only imitate the presence of your organization in social media, aiming to damage your reputation. Again, filing a complaint to the support service of Facebook or Twitter will most likely solve the problem in no time.

It is quite possible that some of the readers have relatively not long ago mastered search engine optimization. As if that wasn’t enough, by now they have learned that the same instruments may be used for evil purposes, what’s more – as a weapon against their own organizations. True, electronic commerce in its youth reminds of a jungle: no clearly defined and enforceable laws, no standards of professional ethics. Survival means fighting with what we have.

Negative SEO may be harmful to your business, but it is good to know that its influence is somewhat limited for now. By the time spammers become a severe threat, business organizations will definitely be armed to their teeth with effective automated tools to oppose their attacks. But it is strongly recommended not to underestimate the risk anyways.