A real-life horror story [client case study]
This horror story involves hacking, a powerful website domain, stolen sales, and a sneaky competitor. It can happen to anyone, so stick with us as we tell our client’s recent horror story.
To protect the identity of our client and all parties involved, they will remain anonymous throughout this case study but unfortunately, everything that will be written is true.
We cannot estimate the sum of revenue that this client may have lost because of what happened, but it is an uncomfortable thought.
The scary situation
Our client, who we’ll nickname ‘The Blue Plant Company’, is an online store leading in their industry, who have been so successful over the past three years that they’ve grown to a phenomenal three-million-pound company from the ground up.
Last Friday we received several messages from this client reporting that when they typed their brand name into Google, their website no longer appeared at the top of the search but instead had been replaced by a university. The university was now being listed as The Blue Plant Company on Google and “stealing” any visitors looking for our client.
At an initial glance with the human eye, there was nothing wrong with The Blue Plant Company’s website, nor was there an issue with the university’s website.
Now, this is where it gets sticky.
The real issue
After further inspection, it became apparent the issue could not be identified by the human eye.
The university’s website had been hacked, with two versions of the website being shown. One version was for Google robots, where the website had been optimised to appear in Google for The Blue Plant Company. The second version was for human consumption and appeared completely normal to users.
But, why you might ask?
This becomes apparent later, but this was done to obtain the university’s valuable domain authority i.e. the website’s power in search results.
A university’s website domain is extremely powerful, authoritative, and trusted by Google. Most SME company websites, like yours and ours, have a much lower website authority compared to universities. As domain power is an important search engine ranking factor, university websites are likely to appear above other competing websites in search results.
The outcome
This hack had been in place for a few days meaning Google had “saved” the university into its index and its search results. This attracted little attention, since to the human eye, everything looked normal. When typing our client’s brand into Google, users clicked on the top incorrect result, the university’s website, thinking it was The Blue Plant Company.
This had all been done leading up to the finale to the hackers’ plan.
Yesterday, the hacker, or should we say competitor, redirected all traffic visiting the university to their own website. This means every person who typed in 'The Blue Plant Company' was now landing on The Blue Planet Company’s competitor website from the university website, who came up first in Google search results.
This means the competitor was stealing not just their traffic, but their sales too.
The solution
Other than to act fast, Kayo Digital realised a few things had to be put into place to stop this horror show.
We communicated with the university straight away so they could resolve their hacking issue, but that did not stop the immediate problem of The Blue Plant Company’s sales being stolen by the hacked site. The issue was in the university’s hands to solve, but Kayo Digital had to be proactive in the meantime for our client.
We looked to create a Google Ad for The Blue Plant Company. Google Ads are always placed above organic search results, so the ad would direct users to the real website for people searching for 'The Blue Plant Company'. Whilst this does not solve the issue directly, it prevents a higher proportion of internet searchers reaching the wrong website.
Finally, an email was sent to The Blue Plant Company’s customers, informing them of the issue to help obstruct the besmirching of the brand by its competitor. Whilst The Blue Company was in no way responsible, it was important to prevent any damage to the brand’s reputation.
Final thoughts
Everyone believes their site is safe from hacking. No one thinks this will happen to their business, and whilst the chances are low, it's vital that you have plans and security procedures in place for your website.
This horror story also highlights the importance of monitoring your search engine positioning, your traffic and online presence, as without quick identification of this problem, it could have been much more damaging.
If you want to learn more about how you can protect your website, our web development and digital marketing can help. Get in touch today to discuss your plan of action.