Cybersecurity

The Sneaky Way SEO Spam Is Costing You Business -- And How to Stop It

Is your website at risk?
The Sneaky Way SEO Spam Is Costing You Business -- And How to Stop It
Image credit: Bill Hinton | Getty Images
Guest Writer
General Manager and Vice President of GoDaddy’s Security Product Group
6 min read
Opinions expressed by Entrepreneur contributors are their own.

Small businesses are losing business and potentially harming their reputations because of SEO spam cyberattacks. These attacks are known as search engine poisoning (SEP) attacks. As the name implies, the desired outcome (i.e., action on objective) of this attack is to poison your website results on search engine result pages (SERP).

Related: Malware Hits Everyone From Small Businesses to Big Government. What Are You Doing About It?

To understand this attack, we have to step back to the basics with SEO. SEO stands for "search engine optimization." It is the work that goes into your website to help you rank higher when customers search for your business online. Search engines like Google and Bing use special software that quickly reviews or "crawls" the content on websites and then serves up the most relevant sites for a particular query. When your site's keywords are properly optimized, you'll get more visitors, which ultimately means more potential customers and more income.

There are all sorts of tricks and tips to improve your SEO ranking -- but that's another article for another time. These SEP attacks materialize in what is known as SEO spam. It's when an attacker injects your site with unwanted links and keywords. Hackers can insert links anywhere on your website, and depending on the tactics they employ, they can embed these links into the meta data or into your website's content. Hackers use basic HTML anchor elements to link to other pages. Some of the more common locations might be header and footer files because they load with each request, or in specific widgets or menus. But, we see them sprinkled in titles and content in the body as well.

Perhaps the most pervasive of SEP attacks is the injection of pharmaceutical ads, but these days you can see injections for things like casinos, fashion and a wide range of other industries -- including things like services to write your school papers. In all these instances, attackers find a way to inject spam keywords, often attributed to backlinks to their sites of choice.

Related: How to Protect Your Personal Brand's Website From a Cyber Attack

For example, if a local Seattle marketing consultant's website experienced SEO spam, it could soon stop showing up in relevant search queries, such as "Seattle marketing consultant" because search engines would instead pick up fraudulent or malicious keywords. In digital marketing, we call this "losing your ranking," or being knocked further down in the search results for a truly relevant query. Ultimately, this form of cyber attack can cost small-business owners and entrepreneurs business because customers are no longer finding them online.

This type of attack is so effective and interesting to attackers because it's often very difficult to detect (e.g., they are often injected in code that renders off screen) and built on an affiliate business that cares only about impressions, not conversions. What this means is that attackers make money based on the traffic (impressions) they generate for their customers. As long as they are generating traffic, they are happy. It's such an effective attack that in a recent study we conducted of 60,000-plus infected sites, we found over 73 percent of the infected sites were affected with this malware type.

Negative impact of SEO spam

SEO spam can also hurt a business's reputation and mislead potential customers about the content of the site. This is because negative and incorrect keywords could direct straight to the business's website, giving off an unprofessional or even fraudulent appearance. For example, a high-end salon could have the incorrect keywords "cheap sunglasses" associated with its website. If this happens, visitors may think the site is a scam, or misinterpret what the business actually is. One of the ways that Google will punish your site is flagging it as potentially compromised:

Related: 7 Surprising Places Hackers Hide

Here are a few tips that should help small business stay ahead of SEO Spam threats:

1. Register with Google's webmaster tools. It's easy, and it's free. Google is one of the largest search engines and its software is constantly crawling the web. If you register with their tools, it will alert you when it finds an issue -- a full 48 hours before it flags it to the public or begins changing how your site shows up in search results. This is a great preventative step that costs nothing to enact.

2. Proactively protect your website. Websites are under attack on a daily basis, whether you deploy something on the server, application or in the cloud; you must deploy some form of a protective solution. My recommendation is to go with a cloud-based firewall, as the name implies it is a wall that helps keep attackers at bay. It actively adapts to attacks and helps keep your site spam free.

3. Deploy a monitoring service. These types of services monitor your website proactively and identify red flags or warning signs, which you would never see or recognize on your own, including monitoring for SEO spam. This is complementary to Google's webmaster tools. Partnering with a security provider helps provide peace of mind to small-business owners knowing they have a team with expertise to help them in case anything should go wrong.

4. Monitor keywords: This is a great way to get cross-functional teams involved: Have your marketing teams actively monitor your traffic and keyword performance. They are often on the front lines and should be able to notice suspicious behavior like a spike in keywords in industries you don't participate.

Security is very nuanced and constantly evolving. The online threats and issues we were dealing with just a year ago are different today. While this form of cyber attack isn't discussed as much as phishing or malware attacks, it's absolutely something all website owners should be aware of. Consider following the simple steps above to ensure no SEO spam is living on your website. Also, remember the value of good SEO optimization to keep new relevant visitors coming to your site.

More from Entrepreneur

Elizabeth's expertise can help you scale your business, build a personal brand and focus on being a value-driven CEO.
Book Your Session

In as little as seven months, the Entrepreneur Authors program will turn your ideas and expertise into a professionally presented book.
Apply Now

Are paying too much for business insurance? Do you have critical gaps in your coverage? Trust Entrepreneur to help you find out.
Get Your Quote Now

Latest on Entrepreneur

My Queue

There are no Videos in your queue.

Click on the Add to next to any video to save to your queue.

There are no Articles in your queue.

Click on the Add to next to any article to save to your queue.

There are no Podcasts in your queue.

Click on the Add to next to any podcast episode to save to your queue.

You're not following any authors.

Click the Follow button on any author page to keep up with the latest content from your favorite authors.