Negative SEO Part 3 – Attacks from Inside & Outside: How to Prevent & Recover from Them

We shined a light on the darker side of SEO in our last two blog posts (part 1 & part 2), and today we will delve into even more negative attacks that can not only cause your website to lose search engine rankings, they can cause it to operate incorrectly (or not at all), or even allow the attackers access to private information. The following contains only a sample of some of these issues; negative SEO practitioners employ diverse means of striking websites. You may not be able to protect yourself from every attack, but these tips can help prevent some of the most insidious problems and show you how to recover, if you have been hit.

We’ve broken our discussion down into two parts: Attacks perpetrated via email, and attacks carried out by infiltrating your website directly (via addition of malicious code or other direct means).

Attacks Often Stemming from or Tied to Email

Beware Suspicious Emails or Emails that Overtly Try to Extort Money from You

There are so many ways that email can cause problems. Spammers can use email, which seems harmless, to begin potent attacks that can spread rapidly across entire networks.

Spam Email Can Contain Malicious Links – Here’s How to Protect Yourself

One of the key points to remember, to protect yourself from spam to your business (or personal) email account, is to ignore spam email. Don’t open it. Don’t click on it. Any email from someone you don’t know is suspect – if you are interested in an offer but aren’t sure if you should click on it, don’t.

Here’s a tip: You can often determine who the email is from by hovering with your mouse pointer over the sender’s email address. You can then discover the originating email address, and research it without clicking on the email itself. Please note that often gibberish or throwaway email addresses are used in spam, so this technique may not divulge its origin.

And…spammers and hackers can impersonate your contacts. So, in the same way you would question a phone call that sounds illegitimate, you should check out if your contact really sent you an email with an urgent or otherwise unusual email subject line.

In our modern online world, clicking is nearly second nature.  A good rule of thumb is don’t click on impulse. When reviewing your email, slow down and take your time. Don’t open email when you’re multi-tasking, as that can lead to lack of focus and potentially pull you into a spam attack.

We are all likely familiar with the ways to minimize spam to our personal email accounts. iPage offers an excellent checklist on how to protect your business from spam email. Read the part about domain privacy. You can decide how you would like to handle this. If you believe people may relate your request for domain privacy with a lack of transparency, you can simply place a statement on your website about it; that you have taken this step to prevent unwanted spam.

Email Extortion Schemes – How to Spot Them & What to Do Next

If you receive an email like this (or see its subject line), it is an extortion email:

Dear ____________

Unless you send us $10,000 in BitCoin, we will point a million spam backlinks to your website. Hurry with the payment within 48 hours or we will point these links to your site, ruining your search engine rankings and your reputation, etc. etc.

Report the entire email to your email service provider and the FTC. Usually spammers don’t follow through with the threat. If you do detect issues with a lot of new spam links pointing to your site, you will need to disavow them (as we discussed in our last blog). These days Google has built into its algorithm the ability to spot spam links and not count them towards its ranking of your site; but disavowing spam links is one more safeguard you can use to clean up after a spam attack.

Steps to Fight Malicious Code or CMS Attacks

Make Use of Google Search Console to View Your Site as Google Sees It

Use Google Search Console’s Explore with Google tool to see your site as Google sees it – you’ll then be able to determine negative code or content that may be hidden from human visitors. Anything hidden is a red flag – and you will be able to determine if code has been added to your site by a nefarious third party.

Bonus Tip #1: WordPress is the top CMS, and 27% of all websites run on it. This CMS is also often a target of hackers. If you have a WordPress site, you may wish to add an extra layer of security with one of these plugins. They provide malware scanning and brute-force protection and will alert you by email if they think an attack has been detected.

Bonus Tip #2: Definitely do some research to find a WordPress host that offers robust security – have them tell you what security they use, and if you don’t understand the terminology, check with Engine-ius Marketing . We can help guide you through this and recommend a good WordPress host.

Another Source of Attacks You Should be Aware Of

Former or current employees with website access can decide to take you down: they can infiltrate your website, change content, de-index the site from Google, add irrelevant or obscene content to your site, and insert malicious JavaScript code, among other hacks and intrusions. A key point to keep in mind with employees leaving your business is to rapidly change all website access passwords so that they will not have ongoing access to the site. As you would collect any keys or other business-owned items upon an employee’s separation from the company, it is vital that you ensure that they don’t continue to retain website access, if you have shared that with them. It’s also good practice to change these logins on a regular basis, regardless of employee turnover, to help protect your site from potential threats.

Wow – we’ve shared a variety of potential negative SEO threats in our three blog series. Want to know more? Contact Engine-ius Marketing for a site audit and have our experts deploy a campaign to put your website’s online visibility back on track! Call 800-781-3074 or email

Contact Us!

Drop us a quick note and we'll get back to you as soon as possible, thanks!

Not readable? Change text. captcha txt
learn about negative SEO | Engine-ius Marketing