Secure your small business:
Apps → Data →

Cybersecurity Reference > risks and threats

SEO Poisoning

Quick definition  ⓘ
Why it matters: As search becomes ever more important for business success, attacks that attempt to harm an organization's search profile are becoming more common.

Key Points

  • SEO poisoning attacks target and harm an organization's search profile on Google or other indexes
  • They are carried out through backlinks to the organization's website created by third parties
  • They may associate a brand with negative or toxic search keywords or other bad information
  • For larger websites, these attacks can be missed in the large volume of traffic and URLs

Search optimization hasn't traditionally been a focus area for cybersecurity, but with SEO poisoning attacks on the rise, it's becoming one.

Quick Read

In recent years in particular, organic search has taken on outsized importance for the value of a company's brand and for generating new inbound business. This is likely why SEO attacks, too, are on the rise.

In SEO poisoning attacks, rather than attacking an organization's assets directly—say, by compromising and defacing their website—a malicious third party instead indirectly attacks an organization by altering the way that they appear in search. This generally involves fooling Google or other search providers about the content or audience of a website, or causing search providers to believe (unjustly) that an organization is employing forbidden tactics for search optimization, causing them to be penalized.

In some sense, SEO poisoning attacks are therefore similar to social engineering attacks, but the vulnerable target in these cases is a technology platform (Google or another search provider) rather than an employee of the organization.

In the most concrete terms, SEO poisoning attacks may involve:

  • Creating backlinks to a site from "toxic" web properties, such as spammy websites or porn websites sites

  • Creating an obvious "link farm" to a website without the site owner's awareness, to cause search providers to penalize the site for link farming

  • Taking advantage of wildcard redirects to "inject" destinations that don't exist but contain negative keywords into a site's search results

  • Using query parameters or other techniques in backlinks to generate unexpected and undesirable search results for a domain

The effects of SEO poisoning attacks can be initially harmful precisely because SEO and search profile maintenance are company functions not traditionally associated with cybersecurity, and may be subject to biases—for example, a bias toward desiring higher search traffic or a higher number of backlinks—that leave the actual details of these increases unexamined in the many pages of search results and backlinks that marketing departments ultimately monitor.

However, if left uncorrected, SEO poisoning attacks can harm a brand's perception with organic search users—who make assumptions about a brand based on the results that they see in search—or its ultimate search position and effectiveness with search platforms.

Best practices for avoiding SEO poisoning attacks include avoiding wildcard redirects, erroring on, rather than ignoring, unexpected query parameters, and regularly monitoring not just search volume and placement but also the actual contents of search, as well as a site or property's backlink profile. Though many small to medium sized organizations in particular are reluctant to make larger investments in what are ultimately SEO tasks, the new cybersecurity implications of such tasks justify the investment.

Further Reading

—Aron Hsiao

Need SEO Poisoning solutions?
We can help!

Plurilock offers a full line of industry-leading cybersecurity, technology, and services solutions for business and government.

Talk to us today.


Thanks for reaching out! A Plurilock representative will contact you shortly.

More to Know

© Jakub Jirsak / Dreamstime

Monitor Traffic Sources

Make use of Google Analytics and Google Search Console to monitor both new spikes in traffic and new spikes in search impressions or search clicks. In many cases, first evidence of SEO poisoning attacks will appear in these areas.

© Rustam Shaimov / Dreamstime

Adopt SEO Platforms

SEO optimization platforms like Ahrefs or Moz provide toolkits to monitor, analyze, and rate a site's backlink profile. When undesired backlinks are detected, use Google's search disavowal terms to disavow them, or if the link's use unanticipated, delete the offending redirect, block the offending query parameters, or re-route these to a 404 status error page.

© Rustam Shaimov / Dreamstime

Use Search Platform Tools

Google and others generally have tools to disavow links, request removal of links, request reindexing of links, or to protest penalty actions or disavow their causes. With the rise in SEO poisoning attacks, it will become more and more important for organizations to regularly make use of these.

Subscribe to the newsletter for Plurilock and cybersecurity news, articles, and updates.

You're on the list! Keep an eye out for news from Plurilock.