Case Study: Insidious Negative SEO Attack – Examples of “Invisible” Stealthy Backlinks

You are likely here because you are wondering whether negative SEO is real. We are sharing this real world Negative SEO case study because many people including well-seasoned generalist SEO pros are often quick to dismiss the idea of negative SEO as something that doesn’t really work, but unfortunately, negative SEO attacks are very real, as much as we may wish that wasn’t the case.

In fact, crafty negative SEO attacks can be scarily effective in destroying your hard-earned organic search rankings and traffic, thus harming your website’s income streams and/or negatively impacting your business’s ability to gain new customers.

How do you know that negative SEO is real?

Well, just this past summer, Google lunched a major Link SPAM update that took almost a full month to roll out. The websites that had “questionable” link profiles experienced meaningful (and sometime extreme) ranking losses ranging from 20% to 50% loss of traffic. Among other things, this update was gold for negative SEOs who were really able to capitalize on and benefit from Google penalizing the websites to which they built toxic links.

It’s true that many amateurish negative SEO attacks may fail to deliver the “results” the attacker is looking for, but well-planned negative SEO campaigns executed with precision, consistency, and venom, can have strikingly dark consequences for the victim.

In this post, we document the learnings from a wide-spread and ongoing negative SEO attack that targeted several different websites during roughly the same timeframe (approximately 6 months as of the date of this post) to various degrees. It was clear the attacker was the same entity, as all targeted websites that experienced the negative SEO attack were targeted with the same kind of backlink spam with harmful backlinks originating from similar sources and having very similar pattern due to identical methods being employed by the attacker.

Some Boring Background on the Rationale Behind the Attack: The entity that perpetrated the attack (the necessary legal work is currently ongoing behind the scenes) was the only party out there that knew of the existence of the several, unique and otherwise unrelated websites that have different focus and content, and are owned by different companies/businesses.

The rationale behind the attack was that the attacking party (a much larger company) was entering the same space comprising a few different verticals, and after failing to “acquire” the targeted websites, the attacker decided to copy the content of all the websites (reworded and rephrased, human-spun, plagiarized content, thanks to the army of college student writers) and ultimately stoop to the lowest of lows by launching a targeted negative SEO attack against all the known websites, after failing to “acquire” these websites by honest and legal means.

For context, the attacker initially made two separate offers to the owners (two separate businesses) for the acquisition of their websites, in the process collecting all the proprietary data from these businesses as part of the “due diligence”, and then going back on the deal that was already agreed upon… And ultimately violating the terms of the NDA (legal work is ongoing behind the scenes).

The Anatomy of the Insidious Negative SEO Attack – Building “Invisible” Toxic Backlinks

As an SEO consultant/agency responsible for monitoring the backlinks to several websites for the two businesses, I/we were not aware of the negative SEO campaign and toxic backlinks that were being built on an ongoing basis because the commercial backlink monitoring tools we were using (AHREFS, MOZ, Majestic SEO, and SEMRUSH) are not properly equipped to pick up, recognize, or see the insidious harmful backlinks the attacker was building.

Why were the Commercial Backlink Tools like AHREFs Unable to “See” the toxic backlinks?

The attacker, cleverly deployed thousands of cloaked websites and hundreds of thousands of cloaked pages that show one version of the page content to search engine crawlers like Google and Bing Bot, but redirect the actual users (and backlink tool bots like AHREFs) to spam-filled destinations like adult games, casino spam, etc. Thus, commercial backlink tools are not able to see the toxic backlinks built in massive numbers from questionable domains (cloaked websites used for SPAM).

The Results of the Negative SEO Attack

All targeted websites lost anywhere from 25% to over 50% of traffic and the traffic loss is still on-going as the negative SEO attack continues (while the legal work is taking place behind the scenes). This is in spite publishing new high quality content on these websites, improving technical and UX areas like Google Core Web Vitals, and attracting high-quality organic links (naturally).

The initial traffic losses happened in early April for some of the websites, which was before the Google Spam update that ran in the summer of 2021. The initial traffic loss on some of the websites clearly indicates that toxic backlinks can harm a website, resulting in a significant loss of traffic, even if there is no specific link spam update by Google. In fact, Google has not launched an official link SPAM update in years until the summer of 2021.

We Learned About the Harmful Backlinks SPAM in July/August of 2021, after 3 months since the Launch of the Full-fledged Negative SEO Attack

It was clear that all websites were part of the acquisition negotiations have suffered heavy traffic losses in spite of us (the SEO consulting agency/service) examining every nook and cranny and carefully combing through all the backlinks surfaced by commercial tools like AHREFs and SEMRUSH, fixing most of the Google Core Web Vitals issues on most of the websites, publishing new high quality content, and earning quality natural links.

Something was clearly off with the affected websites that (again, the websites that were targeted for the attack were owned and operated by different companies and focused on different verticals or sub verticals, had different writers, hosting providers, link profiles, designs, etc.) have once again suffered additional 25% to 35% losses in organic search traffic during the most recent Google’s Web Spam update.

Normally, Google Links report is of limited usefulness to us because Google doesn’t tell you about all the links the crawl/discover. Google is known to only show you a sampling of links and they are not as willing to share all the data they have, that’s why we’ve been using commercial tools. However, upon examining Google’s latest links downloaded from the the Google’s search console, it became cleat that there have been thousands of spam links built over the last several months, and here is the kicker — those links were (mostly) not picked up commercial backlink research tools.

In other words, this was a stealthy attack that you are not likely to catch unless you examine Google’s link profile, as the attackers show a different version of the webpage to Google and Bing crawlers. This is what made this negative SEO attack so insidious. What’s more, the truly toxic links were mixed in among thousands of useless other links from various scrapper style websites, making it even more difficult to identify truly harmful backlinks from cloaked websites and pages.

Disavowing Toxic Links from Cloaked Websites and Pages

We spent the last couple of months disavowing spam backlinks and domains that are continuously being built by the attacker. Our disavowal and investigation are ongoing. In the mean time, here is a sampling of the bad links that were built. Please don’t click on these toxic links at the risk of getting your machine infected or seeing inappropriate content. We share these real-world negative SEO backlinks for educational purposes only while our investigation and the clients’ legal proceedings are ongoing.

Harmful Backlinks (only a small sample of backlinks that also includes some useless but less harmful scraped search content pages) that were already disavowed

Please don’t click on these links as most of them redirect to questionable destination. Again, these backlinks that were already disavowed are shared for educational purposes only and to inform the larger SEO industry:×6-lvl-price×6-lvl-price–steel-roofing×6-lvl-price

2 thoughts on “Case Study: Insidious Negative SEO Attack – Examples of “Invisible” Stealthy Backlinks”

  1. The exact same thing happened to me and they attacked me from the same url (that’s why I found this article), I just realized a few days ago …
    Your article is IMPORTANT because it reveals the list of Toxic URLs. Thank you and it is important for me if you update the information to see how to completely solve this problem.
    On the other hand, it would be important to report these irregularities to Google because the only thing these ANTI-ETHICAL ACTIONS do is make the Web worse.
    PS: I also received an offer to acquire my website …


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.