How product counterfeiters use black hat SEO

Helping our customers to investigate online crimes can be a real learning experience sometimes.  Lately we've been learning a lot about a topic that we never had to think about before - black hat SEO.  It's one of the best tools in the criminal toolbox for trying to persuade people to buy counterfeit products online, from shoes to pharmaceuticals.  Here's how it works.

Criminals selling counterfeit products online have the same problem that all enterprising entrepreneurs have - how on earth do you get search engines to send people to your site?  Building a nice, clean site with a flawless shopping experience is now within the reach of middle-schoolers, but clearly that's not enough to drive traffic to buy your fake sneakers.

Mostly the advice that entrepreneurs get on search engine optimization (SEO) circa 2017 is : "Write great content and you will get links from authoritative sites, which will put you right on the first page of Google results".  Excellent advice for a long-term investment.  That's why I'm writing this blog after all.

How criminals get traffic

If only that worked for counterfeit products, then criminals could just churn out great, useful content and everything would be awesome.  But, I expect they don't have much luck getting authoritative sites to link to their fake product sites.    And they expect to get shutdown at some point and need to bounce back immediately with another site.    So, back to the drawing board.

Criminals need a way to get sites with some authority to point to their counterfeit ecommerce sites.  In the olden days, they could just create link farms that generated tons of links to their site, but modern search engines don’t fall for the old tricks any more.  So, enterprising hackers came up with a better way - hack into real sites and publish pages linking to their sites. 

Criminals need a way to get sites with some authority to point to their counterfeit ecommerce sites.

For example, let's say you have a condo board with a web site www.ourcondoboard.com that was written 10 years ago by an intern.  It's full of security holes, so no trouble at all for a hacker to take it over.  Then the hacker can add hidden pages all about sneakers to the condo site (hidden so that condo residents can't find them, but search engines can) with links to their counterfeit product site.  Repeat several hundred times, and hello, first page of Google results.

Of course, the skill sets for hacking into sites and the skills for importing and selling counterfeit products are actually quite different.  This leads to a thriving illegal market in hacked sites for sale. Hackers compromise a site, and then sell it on down the value chain for other criminals to use.

Investigating counterfeit sites

Here's how you can undertake this kind of investigation in Hubstream Intelligence. 

It's Monday morning, and top of my todo list is to check out the new leads on sites selling counterfeit versions of my brand.  The leads are ranked based on Hubstream's machine learning model, so I can immediately see that I should be starting with a lead for ourcondoboard.com.

The lead shows up like this:

Hubstream helps investigators understand leads quickly

Hmmm. Not only is ourcondoboard.com selling versions of our product that are WAY too cheap, but I can also see that Hubstream is suggesting other related sites.  There is also a network visualization to help me understand the whole picture, so let's take a look:

Hubstream lets you understand all the related information using data visualizations

Well, isn't that interesting.  Ourcondoboard.com is hosting hidden pages with a logo that is showing up in several other leads, and they also have a link to an illegal ecommerce site called verycheapshoes.co for which we have an active investigation.  I'll change the lead into an open case and add some notes.

It's time for some action, let's start by notifying the web site that they have been hacked.  Someone at the condo board is about to have a very bad Monday.