So long as Google is relying on data to decide the ranking of a website, it will be possible to view that data either positively or negatively. Thus the threat of a Negative SEO Attack prevails on your website and you need to be prepared to tackle these issues as and if they arises.
In order to simplify the article for your understanding, we are breaking SEO into the buckets of content, links, and user signals.
- Seeking out toxicity. Another tactic is to put outbound links on toxic websites, thus associating their targets with these known ill-reputed players.
- Social links from low-quality accounts can impact the google rankings significantly. It is possible in future, that Google may start to place a premium on who shares a link, especially with verified accounts, but in the current scenario, having your website links getting shared out by known bot networks may result in an adverse reaction thus impacting the ranking of your website negatively.
- Anonymous/fake press releases. This tactic, still works for positive SEO but at some point, it can very well be used by an attacker as he submits a press release anonymously and purchased placement via cryptocurrencies. Such a tactic would negatively impact your google ranking in two ways: first, the targeted anchor text may trip an algorithmic link penalty and second it would potentially result in bad press ranking for key terms.
- Duplicate content served through proxies. An old tactic but still an effective one. The way this tactic works is getting a proxy gateway site to index and effectively crawl a website, making and displaying a copy of it.
- Misused AMP. AMP can be misused in order to cause confusion among users and webmasters alike. In regards to negative SEO, AMP site with bad content can be created and rel=canonical tag can be used to connect it to a target site.
- Injected canonicals. Just as an attacker can inject content onto a site through a technical misconfiguration, a bad actor may implement a progressive web app and associate the PWA with a target domain, via the hack. If properly cloaked, this PWA could appear as a normal branded PWA, but can steal customer information or cause reputational problems.
- Knowledge graph, rich snippets, reviews and other Google property listings. Inundating Google hosted features with incorrect information and negative reviews is possible even now. This can result in a waste of time for a webmaster. And if done aggressively, the bad actor can do a variety of things:
He can repeatedly business listings as closed.
He can update the website listings to point to a competitor.
He can update the addresses to known spam addresses.
He can Update the existing links to valid yet incorrect pages.
2. 3rd party review sites. This attack vector would work in two different ways. First, reducing the amount of traffic by having a significant number of bad reviews. Secondly as most 3rd party reviews on the first page be negative, people would tend to pre-judge the quality of the service or product thus negatively impacting the traffic on your website.