What is Search Engine Poisoning?
Search engine poisoning, or SEO poisoning, is a technique spammers and hackers use to manipulate search engine results pages and steal visitors’ sensitive information.
Search engine poisoning is executed by injecting harmful code into legitimate sites or creating fake sites that mimic an original one. These fake sites are registered with domain names that can be confused with that of the original site.
For example, if the actual site is yourdomain.com, the poisoned and fake one would be yourdomian.com. Most visitors cannot tell them apart at a glance unless they look at it closely.
These malicious sites are promoted using black hat SEO or pay-per-click (PPC) advertisements. Visitors who click on these results are directed to the malicious web pages where their system is hijacked, their sensitive information is stolen, or malware is downloaded to their computer.
How Search Engine Poisoning Works
Attackers typically follow the same script when creating malicious sites and content that poison search results pages. Here’s how it generally works:
1 Create Low-Quality Content
The process begins with the attackers performing keyword research to identify popular and trending search terms that people are searching for. Once done, they create content and add the keywords to it.
The content is usually low-quality and is often stuffed with keywords to make it rank on search results pages. However, some attackers may create high-quality content to trick visitors and lure them into trusting the site.
Many attackers also use typosquatting. That is, they purchase domain names that look like that of the site they want to mimic and then create a lookalike site to trick unsuspecting visitors into believing it is the real one.
2 Promote the Content
The next step is to build backlinks to the site to increase its rankings and build its authority. This is usually done using black hat SEO techniques like paid links, link farms, and private blog networks.
Many attackers also create pay-per-click ads that appear above the organic results on search results pages. Sometimes, they even appear above the legitimate site the visitor seeks.
Visitors who click on the content are then directed to the spammy site. Sometimes, the attacker uses doorway pages that direct visitors from the original content they clicked on search results pages to the spammy content.
3 Get Visitors to Download Malware
Once visitors arrive at the spammy site, they are encouraged to download and install malware on their devices. The visitor is typically unaware of this and would think they are downloading legitimate software.
Once they do that, the malware can steal the visitor’s information and send it to the attacker. Sometimes, in the case of corporations, the attacker could use it to take over the company’s systems as part of a ransomware attack.
Common Search Engine Poisoning Techniques
Hackers use multiple spammy, unethical, illegitimate, illegal, and black hat SEO techniques as part of their search engine poisoning campaign. Some of them include:
1 Keyword Stuffing
Keyword stuffing is the excessive use of keywords within content. Sometimes, the keyword is repeated so often that the content becomes unreadable. Some attackers may also use hidden text techniques to hide the keyword stuffing from visitors. However, the keywords are still visible to search engines.
2 Content Scraping
Content scraping or scraped content is the theft and republishing of content originally published on another site. Attackers usually scrape content, including website code, which they then use to create a lookalike site that tricks visitors into thinking it is a legitimate site.
3 Malware Injection
Attackers inject malicious code into their spammy websites. This malware may compromise the visitor’s device and steal their information during their visit. The site will also encourage visitors to download malware, which will steal their information or lock their device and request them to pay a ransom to access it.
4 Phishing Pages
Phishing pages mimic the look and behavior of the legitimate site the visitor was looking to visit. These pages sometimes contain domain names that look like that of the legitimate site, causing visitors to trust the legitimate site and mistake it for the real one.
5 Hidden Text
Hidden text is a black hat SEO technique wherein a blogger hides text from visitors to a webpage. However, search engines can still see the text. Hidden text is typically implemented by using a tiny font size, setting the font transparency to zero, or setting the font color to the same color as the background.
6 Cloaking
Cloaking is a black hat SEO technique wherein a blogger displays different content to visitors and search engines. The content displayed to search engines is usually high-quality, while that displayed to visitors who click the link is spammy and low-quality.
7 Link Farming
Link farming involves creating a network of websites that link to each other. This is done to manipulate and trick search engines into believing that the content has more backlinks than it actually does.
8 Negative SEO
Negative SEO is a black hat SEO strategy that uses unethical techniques to harm a competitor’s search ranking. One common negative SEO technique is to generate spammy backlinks that point to the legitimate site the attacker is mimicking. Attackers do this to get Google to issue a manual action penalty to the legitimate site.
9 Brandjacking
Brandjacking involves creating misleading content that impersonates a legitimate brand or company. This can lead to confusion among consumers, who will mistake the attacker’s site for the legitimate one.
10 Typosquatting
Typosquatting is the practice of registering domain names that are common misspellings of popular brands or websites. Attackers use these domains to capture traffic from users who mistyped a URL, often leading them to phishing sites or malicious content.