Edited by Iñaki Gorostiza, March 2010

We tend to think of experts in SEO techniques as mystic loners, able to predict trends on Google and position websites through a mysterious power or secret techniques available to just a chosen few.

i_gorostiza_panda_security_blog_la_piazza_21The reality is quite different; SEO (Search Engine Optimization) is an easily-accessible Web development process anyone can use. In fact, it hardly requires advanced technical knowledge, and its simplicity attracts people from many disciplines. Of course it also attracts hackers, who are interested in anything that can return a fast and easy profit. The figures speak for themselves:

– There are over 1 million malicious pages indexed in Google.

– Over 3 million search results have been hijacked by hackers.

SEO uncovered

Here are the main principles for SEO:

  • Get a good title for your website.
  • Write the contents with special attention to keyword density.
  • Get backlinks to your website.

There are other secondary elements which will help position your website: Google Site maps, names of files and urls, name and age of the domain, etc.

Positioning your website by following these simple tips is very rewarding. In just a few minutes, you could create a page with your CV and try to position it in Google for searches related to your name or job.

This is what hackers do: they create their websites, position them and wait until unwary visitors fall in the trap. Internet users who get to a website through a search engine, are potentially malleable, as they accessed the website voluntarily, searching for information, products or services. Hackers take advantage of the situation by inviting them to download a movie they were searching for (infected by a Trojan), informing them about a false infection on their computer in order to recommend a fake antivirus, or simply by requesting a donation for earthquake or tsunami victims.

Important: Other “illegitimate” positioning techniques which can be penalized by Google (if detected) are “Black Hat SEO” techniques. These techniques include Cloaking, Spamming Keywords, Hidden Text, Backdoors, Duplicated Content, Link Farms, etc. and allow quick and easy positioning. However, it is important to mention that hackers don’t always use Black Hat SEO and in most cases, their organic positioning is completely “legitimate”.

Not everything is what it seems

The main problem with SEO techniques, whether intended for good purposes or used maliciously by hackers, is that in the case of highly competitive search terms, it is sometimes impossible or very complicated to position a website. Just imagine how difficult it is to position a website using terms like “Buy house”, which returns millions of websites in Google struggling to reach the top positions.

However, you may find the following techniques useful in these cases:

  • The first is called “Long Tail SEO” and consists of positioning a highly competitive term, by using terms with less competition. For example, instead of positioning a website by using “Buy house”, you could position it by using terms like “Buy house in Madrid” or “Buy cheap house in Madrid”.
  • Another technique consists of taking advantage of Google users’ spelling errors to position your website by using deliberately misspelled keywords. Can you imagine the different ways to write “Britney Spears” a person could come up with? In this case, there are multiple tools such as the Google Adwords Keyword tool which can be helpful.
  • Finally, and equally importantly: foresight. When using SEO techniques, you must be ahead of the news in order to narrow down the competition. PandaLabs has observed that minutes after any global catastrophe or disaster, the top Google results correspond to fraudulent pages seeking to profit from the situation.

We will always have Paris

And what can users do against this new threat? They should keep their browsers up-to-date to avoid letting hackers take advantage of any vulnerability in order to infect their computers. Google fights against cyber-crime by penalizing fraudulent pages and warning its users about potentially dangerous websites. There are also browser add-ons such as Web Of Trust, which warn users about fraudulent pages.

However, common sense is once again your main ally. Beware of any website, in the same way you would not trust strangers in the street. Before making a donation, make sure the account number you send the money to belongs to the corresponding entity. Avoid illegitimate downloads and scan all files with your antivirus solution before you install them.

If like the Spanish author Miguel Delibes said, Internet is hell, then I think Google are the gates.

Iñaki Gorostiza works in Panda Security as Web Development Responsable. Since joining the company in 2002, he has taken part in numerous projects, in the Development Area and online promotion. You can contact him on his blog http://www.hellogoogle.com, where he publishes articles that help companies grow on Internet, and at http://twitter.com/hello_google.