Search engine optimization (SEO) is a long game. Improving your website to rank higher on search engine results pages helps you attract more traffic. Plus, it helps build a trustworthy reputation. But, some people want to take shortcuts by using what’s known as black hat SEO. If this happens, your business could pay the price.

What Is Black Hat SEO?

Black hat SEO is any activity that seeks to increase a website’s ranking and reputation by using methods that violate the terms of service of search engines like Google or Bing.

In the early days of the internet, many marketers used black hat SEO tactics to increase their visibility, attract traffic and build trust. But, as search engines evolved and sought to improve the quality of search results, they imposed penalties on unethical practices.

Now, threat actors have embraced this old-school subterfuge to exploit companies with established reputations and steal from unsuspecting online shoppers.

Why Do People Use Black Hat SEO?

Honest SEO (aka white hat SEO) takes a long time to bear fruit. Once your site ranks high for competitive keywords, you seem like a reliable brand that potential customers will trust. Threat attackers have realized the best way to rank a site quickly is to hijack a website with an already established reputation.

Attackers can clone your website — known as domain spoofing — and then use black hat SEO tactics to drive traffic to their duplicate site. Someone might spoof a website to sell low-quality products to profit from the reputation of a trusted store. They could also use the spoofed domain as part of a phishing scam. As the fake site appears almost identical to the bonafide brands, the scammers can fool customers into sharing their credit card details.

Once thieves have your personally identifiable information, they can make fake purchases and sell your information on the dark web.

The good news is that modern analytics and antivirus solutions can help detect phishing sites quickly. However, black hat SEO attackers can increase the rankings of a spoofed domain and lure unsuspecting victims before the fake site is detected and shut down.

How Does Domain Spoofing Impact Your Business?

In the age of social proof, trust with consumers is paramount. Your online reputation can make or break your business. When people use black hat SEO to copy your website, there are serious repercussions.

You lose traffic. As spoof websites misdirect potential customers, your site will get fewer visitors. You’ll lose out on sales and see lower returns on your marketing spend.

Consumers lose trust in your brand. Black hat SEO causes people to land on a spoofed website. Next, they might find poorly-spun content, spam links, fake comments and fraudulent ads. This bad user experience might make people look at your brand in a different light.

People leave bad reviews. This negative feedback might be directed at a scam site, but the victims will blame you if it was under your brand name. The bad press can deter other customers.

Search engines might punish your company. Sometimes, a genuine business will suffer the consequences if its site does not meet search engine standards. A Google penalty can banish a site from search results. Traffic will plummet, and it can take a long time to recover.

Reduce the Chances of Customers Visiting a Cloned Website

If customers fall prey to financial fraud or identity theft and believe it was your company, you could have a public relations nightmare on your hands.

It’s best to get ahead of this threat. Here are seven steps to help you prevent black hat SEO from misleading your customers to a spoofed website:

Install a TLS Certificate

A Transport Layer Security (TLS) certificate is a digital security protocol that authenticates the identity of a website and establishes an encrypted connection between the website and the user’s browser. Users can see the padlock and HTTPS prefix in your domain URL, which gives them confidence that you will keep their personal information private and secure.

Secure Your Source Code

Ideally, your developer should add security measures to protect your website from potential attacks. One such tactic is to disable the copy-paste function on your site so attackers can’t easily copy your source code.

Remain Proactive

Companies should have vigilant security teams who proactively monitor their domain and traffic for any suspicious behavior. When you have set processes and strategies for data handling and risk management, you can improve how you identify and defend against threats.

Use the rel=canonical Tag

A common aspect of website spoofing is to create duplicate pages of a genuine site and then make subtle changes to the URL, such as changing one letter. Adding the rel=canonical tag lets search engines know that a specific URL is the master copy of a site page, making it harder for fraudsters to duplicate your site.

Study Your Website Analytics 

Quite often, scammers are playing for a quick win and may not take the time to change all the internal links. Even if visitors land on a cloned site, they can click on links to get to the legitimate, original domain. Check your website analytics to identify incoming traffic from a cloned site with a similar domain name.

You can also improve your chances of spotting a duplicate site if you build a lot of internal links on your website. Luckily, that’s also a good SEO practice to increase your site performance.

Take Action

Once you identify a spoofed site, act fast to take it down. First, report the IP address. Contact your hosting provider and request that they block all requests to the IP address of the fraudulent site.

Next, send the provider or content delivery network a takedown request. Provide clear details about the attack and any potential threat to your business or customers.

It also helps to copyright your brand. You can share copyrights and trademarks to expedite the takedown process and add another layer of protection to your website.

Hire a Certified Ethical Hacker

It’s much harder for someone to damage your business with black hat SEO if they can’t also duplicate your domain or breach your website. Hiring a certified ethical hacker will help you find security gaps and vulnerabilities and stay one step ahead.

Restoring Your Reputation After a Spoof

The tips above help you stop scammers. But by the time you take those actions, the impact of black hat SEO and a fake website might have already caused damage. In the worst-case scenario, criminals sold counterfeit products, stole credit card information and carried out identity fraud on consumers — all under your brand name.

What can you do to make people trust you again?

Address the Situation Publicly

Don’t try to hide the problem. Create content that directly speaks to your customers, telling them that you are aware of the situation and working hard to repair the damage.

You could create a video for YouTube or Instagram, where you make a public apology to anyone who was impacted. Even if it was not your fault, it’s a good look to take some responsibility and accept that your security team can do more to protect your customers.

Remove Fake Reviews

People using black hat SEO will often add fake online reviews to add to the credibility of their fake website. Contact search engines and third-party review platforms like Trustpilot and ask them to take down any fake reviews.

Add Multi-Factor Authentication

E-commerce stores should always have these security measures to protect customers. It’s worth pointing out that cyber criminals may abuse the CAPTCHA system. Fraudsters will add these tests to spoofed domains to trick visitors into thinking they are on a legitimate, secure site.

Communicate Openly About Your Policies

Share your policies for communication with your customers. For example, if you use two-factor authentication, make that clear so people know to expect it. If they don’t get a two-factor authentication request to their phone or email, they may know they are not on a genuine site.

Site spoofing can confuse customers and steal money from both them and their businesses. It’s part of today’s good online hygiene to keep an eye out for black hat SEO.

More from Risk Management

Worms of Wisdom: How WannaCry Shapes Cybersecurity Today

WannaCry wasn't a particularly complex or innovative ransomware attack. What made it unique, however, was its rapid spread. Using the EternalBlue exploit, malware could quickly move from device to device, leveraging a flaw in the Microsoft Windows Server Message Block (SMB) protocol. As a result, when the WannaCry "ransomworm" hit networks in 2017, it expanded to wreak havoc on high-profile systems worldwide. While the discovery of a "kill switch" in the code blunted the spread of the attack and newly…

Why Operational Technology Security Cannot Be Avoided

Operational technology (OT) includes any hardware and software that directly monitors and controls industrial equipment and all its assets, processes and events to detect or initiate a change. Yet despite occupying a critical role in a large number of essential industries, OT security is also uniquely vulnerable to attack. From power grids to nuclear plants, attacks on OT systems have caused devastating work interruptions and physical damage in industries across the globe. In fact, cyberattacks with OT targets have substantially…

Resilient Companies Have a Disaster Recovery Plan

Historically, disaster recovery (DR) planning focused on protection against unlikely events such as fires, floods and natural disasters. Some companies mistakenly view DR as an insurance policy for which the likelihood of a claim is low. With the current financial and economic pressures, cutting or underfunding DR planning is a tempting prospect for many organizations. That impulse could be costly. Unfortunately, many companies have adopted newer technology delivery models without DR in mind, such as Cloud Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS)…

Tech Stack Diversity: Security Benefits and Costs

If your remit protects the information technology estate, you might be tired of the constant fire drills and reminders of upcoming disruptions. The barrage from cybersecurity vendors claiming "we have the solution" is almost equally exhausting. Start here: there is no magic bullet cybersecurity solution. If there was, its inventor would be a gazillionaire and have a list of enemies miles long. However, well-stacked solutions can significantly reduce your risk posture. The key is to place dependability over dependence, reduce…