Last week an IT security company discovered what appears to be a new spin on an old blackhat SEO trick used by spammers to fool Google and Google’s users.
The old variation of this technique involved spammers hacking innocent websites and either modifying existing pages &/or creating new pages with seemingly innocuous links. When clicked on these links send visitors to spam websites promoting things such as porn, drugs, get rich quick scams or, even worse, pages with malware that infects users’ computers. To hide this from Google the spammers use “cloaking” which means Google gets shown a different page to that shown to human visitors.
The good news is that the considerable resources Google’s put into combating this problem means this evil technique is now far less effective. Google is much better at detecting cloaking and, whilst they can’t prevent webmasters leaving their sites vulnerable to being hacked, Google will notify webmasters when they identify a site has been hacked by spammers (see example at bottom of this page).
The bad news is that spammers have changed tack and modified this blackhat technique to now inject their spammy links into PDF documents instead of html pages. Clearly this is working and not being detected by Google because the IT security company that discovered this issue (Sophos) reports hundreds of thousands of infected PDF documents appearing in Google search results.
The ongoing arms race between Google & spammers continues. Undoubtedly Google will working hard to detect and beat this latest nasty spam technique.
Why should you care?
We’ve recommended on many occasions that if you don’t have a Google Search Console account (previously called Google Webmaster Tools), then you really should because of the insightful information this can provide you about your website.
This includes being notified by Google if they detect security issues with your website, such as it being hacked and injected with spammy content. If this happens then you’ll be notified and see an alarming message like the one below. (We hope you never do).
Note that Google states they may label your website pages in Google search results as being hacked. And if that happens you can be assured traffic will dry up instantly, so you really need to take immediate action! Fortunately, Google will usually provide more detailed information to help you resolve the issue. We expect Google will soon be able to identify if your website has been hacked and injected with spammy PDFs.
Obviously prevention is better than cure, and ensuring that your website is not vulnerable to being hacked should be a priority.
If you found this useful, please tell your friends.
Jeremy and Mark are two of the partners behind SureFire Search. Despite their deceptively youthful appearances, both have worked in search marketing for many years. To put that in context, Google didn't even exist when Jeremy started.