How Hackers Used PDFs to Trick Google

How Hackers Used PDFs to Trick Google

The long list of dubious or “spammy” links that you don’t want pointing at your site has grown a little bit, thanks to the pioneering effort of some unidentified hackers. The hackers used PDF files to create illicit links pointing at their sites, a technique that no one has seen before.

The tactic was only recently uncovered and Google has not given any comment yet. It appears that hackers broke into normal, legitimate websites and either added entire fake PDFs or simply edited links into PDFs already on the site. These keyword-rich links pointed away at a third party website, the one the hackers wanted to build up.

Worse than just some rogue links, however, the PDFs were encoded to automatically redirect users—and many of them ranked well on Google. So, for example, you could search for law firm SEO, find a “10 SEO Steps for Law Firms” PDF on page one, and click it but never see the document. Instead you’d be on someone’s sales page.

Why This Technique?

This technique is similar to one that’s already well known, where hackers simply place a regular HTML web page on a site to create the redirect. But that trick is already well known, and can lead to the spam links being caught and penalized quickly. Since the PDF trick is new, presumably it would take longer for Google to catch on.

It’s also a good gamble: few small business owners routinely check the files behind their website, and no one constantly re-reads their own PDFs. So even the business owners themselves were likely blind to the invasion. There’s also a common belief in the SEO community that Google treats PDFs as higher authority than regular web pages, but no one knows for sure.

In any case, the hackers took extra steps to cover their tracks, clearly hoping the ruse would last as long as possibly. Although regular users clicking on a PDF would be redirected to the sales page, Google robots wouldn’t. They see the “real” PDF, as if everything’s in order.

That’s No SEO

Despite those cunning tactics, whoever was using these “black hat” SEO tricks clearly isn’t that industry-savvy. The links they created had a few problems from an SEO perspective:

  • They’ll get penalized. Sooner or later any hack like this is going to be discovered, and when it is it’s a sure bet that the sites benefiting from those links will be heavily penalized.
  • Copy was keyword-laden. Even without a manual penalty these links could do more SEO harm than good. That’s because both the links and the fake PDFs were very heavy on keywords, making them appear low-quality and artificial to Google.
  • Deception turns away users. If the point of SEO is ultimately to get more buyers to your site, lying is bad for business. Imagine if you clicked on a link to a helpful informational document, and instead you ended up on a spammy sales page. You’d feel tricked and angry. The chances of making a purchase are low.

All of this indicates that the hackers in question were not really make an SEO effort—they were making a spam effort. If even one out of 10,000 misdirected users foolishly made a purchase, that was good enough for them. Indeed, the links they used to redirect people were affiliate links, meaning the hackers got a commission on every sale. They didn’t care about the ranking of the end site; they just wanted their cut.

These types of tactics rarely last long in today’s internet, and no legitimate SEO/internet marketing firm would ever recommend them. Instead, at EverSpark we focus on tactics that are above board, that pay off for years to come, and that leave customers feeling good about buying from you—and coming back for more. To learn how we can boost traffic to your site, contact EverSpark today.