Every day, web pages are flooded with new stories from around the globe. A story about the celebration of Pride month can be placed in stark contrast next to news of a recent mass shooting.

Both events, despite their contrasting topics, have strange parallels. They can bring together local communities with outpourings of hope for a better future, and both can easily be seized upon by cybercriminals from malicious sites using “SEO poisoning’ tactics to manipulate search results and spread malware.

As an evergreen topic in the SEO industry, you need to understand what SEO poisoning is to prevent SEO poisoning attacks in the future as well as how to protect your business’ website and your users from SEO poisoning. Frequents asked questions include:

  • What is SEO Poisoning?
  • What Is The Objective Of SEO Poisoning?
  • What does SEO Poisoning Mean For Users?
  • How Can I Protect My Business From SEO Poisoning?
  • What Does SEO Poisoning Mean For The Future Of Search?


What Is SEO Poisoning?

SEO poisoning refers to a range of unethical or ‘black-hat’ SEO techniques and threat actors used by remote hackers to get malicious content to appear above legitimate sites in search engine results.

In some cases, SEO poisoning is used to generate visits to a specially-built malicious website, but legitimate websites can also be compromised through ‘cross-site scripting’ (XSS) – a tool that lets hackers insert client-side script into web pages viewed by other users.


What Is The Objective Of SEO Poisoning?

The most common objective of SEO poisoning is to spread ‘scareware’ – users get a message warning them their computer is infected, and are prompted to download a bogus anti-virus software which is a malicious package.

Because of the amount of traffic associated with ‘trending’ news stories and ‘sensitive’ information, search terms related to those stories have become a favoured target for those behind SEO poisoning attacks. The remotely accessed attacks are usually recognised by search engines quite quickly, but hackers can simply move on to the next big news story, using automated systems to keep an eye on the most popular search terms and manipulating the Google search engine rankings.

PinkNews reported that Alt-Right Cyber attackers planned to spread malicious web content during Pride month and the Government has released statistics from their ‘Cyber Security Breaches Survey 2021’ stating that “Among those that have identified breaches or attacks, around a quarter experience them at least once a week. The most common (SEO poisoning tactics) by far are phishing attacks, followed by impersonation.”


What SEO Poisoning Means For Users?

Users should be aware that there’s a chance they’ll come across an SEO poisoning attack if they’re searching a topic that’s recently had intense news coverage. Sites that aren’t well known should be approached with caution, and sites that fill the screen with pop-ups should be avoided completely as these signs can be early identifiers of a compromised site.

Similarly, users should be vigilant about which website pages they allow running dynamic content such as JavaScript or Flash. Anyone using the Internet should have anti-virus and anti-spyware software installed, and operating systems should always be kept up to date. In general, if a site looks malicious or compromised, it probably is!


How Can I Protect My Business From SEO Poisoning?

To protect your company website from SEO poisoning and avoid becoming a vehicle for SEO attacks, web servers must be monitored and secured. Whilst some attacks will redirect visitors from your site to a malicious one, there is also a risk that hackers will insert irrelevant keywords or metadata into pages on your site, giving the impression that you are the ones engaged in unethical ‘black-hat’ SEO practices. That could lead to Google and other major search engines imposing penalties (downgrading your search page ranking and affecting your search engine optimisation, for instance).


What Does SEO Poisoning Mean For The Future Of Search?

There is a growing sense that black-hat SEO has become so advanced that the search engines are themselves being undermined by SEO poisoning techniques. Ultimately, search engines will only continue to prosper as long as they are seen by users as trustworthy and legitimate organisers of information. That means they will continue finding more sophisticated ways to root out and penalise the black-hat techniques used by cybercriminals and unscrupulous businesses.