Black PR: Cybercriminals Offer Negative Reputation Services to Help Businesses Target Competitors
January 13th, 2021
Subscribe to our blog and stay up to date
Online reputation management (ORM) services have been around for years now. These services were built to monitor and alter the online reputation of individuals and organizations, as this may make the difference between success and failure for projects, products, and different initiatives. Reputation services include strategies and tactics for maintaining a positive reputation (on repairing a negative one) by employing search engine optimization (SEO), content creation, social media management, crisis management and more. According to these services, over 80% of people trust online reviews as much as personal ones. One survey even claims “the most difficult reputation management task is identifying and removing fake reviews – with 58% of businesses having received negative or positive fake reviews.”
However, legitimate organizations and individuals are not the only ones who are concerned with their online reputations. IntSights researchers have found an increasing number of cybercriminal reputation services offered on the deep and dark web, mostly on Russian speaking forums.
The advertisements for these services are not all that different from commercial ORM services, focusing mostly on deleting and blocking data and services (rather than creating a positive reputation through social media). Prices for different services are as follows:
Developing a negative reputation - 75.000 RUB (~970$)
- Developing a negative reputation - 75.000 RUB (~970$)
- Developing good reputation - 65.000 (~840$)
- Deleting information from Internet (depends on the type of information) - 55.000 (~710$)
- Social media account block - 1000$
While the above advertisement does mention creating a negative reputation brief, it does not go far as the “Black PR” service.
Claiming to be an “unofficial division” of of or Russia’s largest PR firm, this “Black PR” offering boasts standard ORM elements like SERM (Search Engine Reputation Management), while also “collecting and posting compromising information, anti-crisis PR, and many other services for non-standard request.” Services here are on a project base and cost $3000-$4000.
Another poster on the topic claims to be looking to work for black PR groups. In this post the job seeker outlines their knowledge and capabilities (please keep in mind the post was translated from Russian) and what they are willing to do based on their past experience and interests.
The Effects of Black PR or Negative SEO Campaigns
Numerous negative SEO vendors are for hire, including those linked here. There are several ways legitimate businesses can hire them to engage in negative SEO practices targeting their competitors. One such option is buying or generating large quantities of spammy backlinks from sites that Google has knowingly flagged for selling links in the past. This practice is typically very inexpensive, and has the potential to damage a website’s digital marketing performance. It can also be difficult for inexperienced digital marketers to detect.
The effects can be devastating – Google imposes two types of spam penalties on offending websites.
Automatic Action: The web property owner is expected to manually undo anything that has violated the Google TOS. Removal of this penalty is also automatic and is lifted when the various search quality algorithms reach a particular point. There is no notification for this penalty, but it can be identified through a sudden and large loss in Organic Search Traffic – between 10% and 50%. Site managers can resolve this penalty by creating a disavow list of bad domains, undoing any spam link networks, and stopping any spam-related activities, such as fake link clicking or anything designed to game Google.
Manual Action: This is the most severe form of punishment by Google and usually results in an immediate loss of 90% to 99% of traffic. Fortunately, it is always accompanied by an email, sent to the user’s setup in the website's Google Search Console profile, as well as typical webmaster emails like “[email protected]” or “[email protected]”. If you did not previously have a GSC account, any older messages can be seen typically within 48 hours of creating an account. You can also confirm this by checking the Manual Actions component of GSC
Site managers can resolve this type of penalty by creating a comprehensive disavow list, as Manual Action is almost always related to a bad link profile. After uploading your disavow list, you must ask for a manual reconsideration. Google may or may not respond, and even if you disavow everything, the Google Search Quality team must decide whether or not to give a reprieve. Reasons for not doing so might include multiple reconsideration requests or multiple/repeat infractions.
Tip: beware that backlink detox reports might include low quality sites that aren’t necessarily created by purchased links, but by low quality scraper sites – which typically scrape highly ranked PR and Blog articles. Always consult an SEO professional if in doubt.
How to Respond to Black PR
In the event that your organization is the victim of a negative SEO attack, there are several actions you can take to shut it down. You can try asking publishers to remove pages and threaten legal action if they do not comply. Another option is to balance the negative coverage surrounding your organization by creating positive news content (hiring a public relations agency helps). A more comprehensive option includes embarking on a reputation management campaign that entails ramping up activity on company social media accounts, creating a Google My Business Account, or expanding news, blog and PR content on-site and off-site.
There are also a variety of link detox tools, listed below, that can help users monitor for intended spam attacks targeting their organization’s web assets. Most of the top SEO all-in-one tools (LRT, SEMrush, Moz) will give you a link detox score and monitor your backlinks on a daily or weekly basis. The following are examples of backlink audit tools and toxicity scores provided by monitoring tools.
What should you do if you think you’re a victim of negative SEO?
- Do not wait!
- Create a Google Search Console Account and verify your web properties.
- Verify toxicity via a third-party tool.
- Create an email list of web admins your site is listed on and try to get as many removed as possible.
- Create a disavow list and upload it to Google Search Console.
- Contact the Google Search Quality team (warning: this is a public forum, so if you mention your domain name here, it will be publicly visible).
To learn more about how cybercriminals communicate to buy and trade commodities like black PR, read our report on hackers moving to secure instant messaging platforms to obscure their activity from authorities.
Kevin Diffily is a Product Marketing Manager at IntSights. He strives to provide security teams with the knowledge and tools they need to enable proactive defense against emerging cyberattacks. Kevin has a background in journalism, brand development, content marketing, and social media management. He received his B.A. in Communication from Curry College and his M.A. in Integrated Marketing Communication from Emerson College. He is a staunch proponent of gratuitous Oxford comma use.
Stay up to Date!
Subscribe to the blog to stay up to date with all the latest industry news and updates from IntSights.