Summary
This is a full list of negative SEO and SEM tactics that could be used against your business to harm it. My team and I along with other colleagues helped develop this guide to help webmasters, business owners, and marketers better detect and fight against negative attacks on their business that attempt to reduce or eliminate their visibility in search engines.
Negative SEO and SEM tactics can be broken down into smaller categories, including Negative Local SEO, Negative PPC, and Negative SEO. Thankfully, some of these tactics no longer work, but they are included here for reference in case they re-emerge in the near future.
Negative SEO Tactics
No matter what you have heard, Negative SEO is real and can be quite scary to deal with. These are the known negative SEO tactics and how you can defend against them.
1. Hacking Your Website and Injecting Spammy or Malicious Content
One of the top ways to eliminate a website’s visibility in Google Search or other search engines is to hack the website and use an XSS injection technique, or another technique, to sneakily insert content the engine might deem malicious. When Google and other engines detect such content while crawling a site, they immediately begin to drop the site from rankings. These hacks are silent, meaning they do not take the website down or vandalize it in a noticeable way, making it nearly impossible for the website owner to detect the attack unless they track rankings, analytics traffic, or Google Search Console on a daily basis. No uptime monitors or similar software will catch these attacks, but CMS-level or server-side malware / anti-virus software may detect them.
How to defend against this type of attack:
The defense against this type of attack varies, but at a minimum your website should be running a firewall or anti-malware system, and you should have a plan to keep your OS and CMS up to date. More advanced setups might include daily backups or data-redundancy backup systems and multiple software systems scanning the site continuously for attacks. Sometimes these are all handled by your web hosting company, in some cases they are handled in-house, sometimes they are serviced by individual vendors, and in other cases they are à la carte services provided by an existing vendor. As an SEO you should at least understand who is managing and monitoring these systems and what the plan of action is.
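One check a CMS-level scanner can run for the silent injections described above, shown as an added example that is not from the original article: it parses a rendered page and flags outbound links placed inside hidden containers, plus scripts or iframes loaded from hosts that are not on an allowlist. The host names, the hiding heuristics and both sample pages are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Elements that never get a closing tag, so they must not go on the stack.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}
# Assumed heuristics for "invisible to visitors, visible to crawlers".
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)


class InjectionScanner(HTMLParser):
    def __init__(self, own_host, allowed_hosts=()):
        super().__init__(convert_charrefs=True)
        self.trusted = {own_host, *allowed_hosts}
        self.stack = []      # (tag, element_is_hidden) for every open element
        self.findings = []   # (kind, host) tuples

    def _external_host(self, url):
        host = urlparse(url or "").hostname   # None for relative URLs
        return host if host and host not in self.trusted else None

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        hidden = "hidden" in attr or bool(HIDDEN_STYLE.search(attr.get("style") or ""))
        inside_hidden = hidden or any(flag for _, flag in self.stack)
        if tag == "a" and inside_hidden:
            host = self._external_host(attr.get("href"))
            if host:
                self.findings.append(("hidden-link", host))
        if tag in ("script", "iframe"):
            host = self._external_host(attr.get("src"))
            if host:
                self.findings.append((f"external-{tag}", host))
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerate sloppy markup.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break


def scan_html(html, own_host, allowed_hosts=()):
    scanner = InjectionScanner(own_host, allowed_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample pages for a hypothetical site acme.example.
CLEAN_PAGE = """<html><body><h1>Acme Plumbing</h1>
<a href="/services/">Services</a>
<a href="https://partner.example/">Partner</a>
<script src="https://cdn.example/app.js"></script>
</body></html>"""

INJECTED_PAGE = """<html><body><h1>Acme Plumbing</h1>
<div style="position:absolute; left:-9999px"><p>
<a href="https://pills.invalid/buy">cheap pills</a>
<a href="/contact/">contact</a></p></div>
<span hidden><a href="https://casino.invalid/">casino</a></span>
<script src="//stats.invalid/c.js"></script>
</body></html>"""

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE)):
        print(name, scan_html(page, "acme.example", ("cdn.example",)))
```

Run it against the HTML your server actually returns for key pages, and compare results over time so that a new finding stands out.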
2. Pointing Spammy or Clearly Paid-For Links to Your Website
Google evaluates links on a variety of metrics these days and, while SEOs argue about the exact implementation, it is believed that links could somehow harm your website by being “toxic”. Google claims that today this is not really the case and that most often they simply ‘mute’ or ignore these links. However, if a competitor can buy links and make it look like you purchased them, it might attract one of Google’s algorithm systems that induce negative values into your inbound links to bring down the rankings of your website’s content. In most cases you would likely get a Manual Action notice in Google Search Console OR see a sudden high volume of inbound links with exact-match anchor text that you are unfamiliar with. This is one reason why it is best to have a full understanding of what your SEO agency is doing.
How to defend against this type of attack:
The best defense is sometimes a great offense. If you suspect a competitor might be trying to poison your inbound links in order to push you down in the rankings, then your SEO budget should be focused on building high-quality inbound links even if these are simply branded links or use keywords that are not your targets like “website” or “see more”. If you do receive a manual action from Google this is what the disavow file is for. Carefully build this and do not simply use a tool that claims to detect “toxic links” as they frequently provide false positives and can adversely harm your SEO even more.
3. False Link Takedown Requests
A competitor who is struggling to compete against you might instead try to impersonate you and reach out to various publishers, editors, and authors who have mentioned your content, demanding that they remove links pointing to your site due to some new Google policy. Well-intentioned media may then take the requested action and remove your links, causing ranking drops that are difficult for your agency or in-house SEO team to explain.
How to defend against this type of attack:
Since you do not own or control these publications, it could be extremely difficult for you to detect this attack quickly, or to stop it even if you do detect it. You can use link monitoring tools to try to detect such an attack, but they might cause a lot of busy work through false positives or fail to detect such an attack in a timely fashion. SEO tool platforms providing data like “links lost” can also be a source of headaches, as these are based on their own internal dataset and they frequently get things wrong here. Once you detect an attack and confirm it by validating the data from your tool provider, there is almost no way to stop the damage. If you have logs of your contacts with the publisher you might be able to reverse one link takedown, but that’s where this can get even murkier. Publishers could decide to remove links at any time of their own accord and not due to any negative SEO attack. Large publishers do this frequently to old articles to keep from linking to outdated sources or shuttered websites that are sold on the after-market auction, but it also has the nice side effect of increasing their PageRank scores, which aids their own SEO ambitions. Publishers and blogs might also frequently cull or “prune” their content or re-write it to be more updated and appealing. All of these scenarios mean your links could be removed and that this is not some kind of attack but just the nature of the web. Instead of spending large volumes of resources trying to track and defend against such an attack, we advise simply investing in ongoing link building that has positive outcomes, such as Digital PR or Link Magnet creation.
4. Fraudulent DMCA Takedown Requests
One of the nastiest forms of Negative SEO is simply getting content completely removed from Google and/or other search engines. Sleazy SEO agencies or your competitors will file a DMCA takedown with Google, which then automatically determines if it is legitimate or not, siding with the requester and not the live content. Google does a terrible job of explaining how their automated DMCA system works and most often does nothing to notify the site that content has been removed due to a DMCA request. This makes it particularly difficult to determine if you were hit by such an attack and even harder to recover.
DMCA takedown attacks typically come in 2 varieties: Flagrant and Stealth. A Flagrant attack is one that goes after your core or money-making pages. A Stealth attack is one that goes after smaller pages that support your main content, such as blog posts, help documents, etc…
How to defend against this type of attack:
There is no way to stop this kind of attack or even reduce the impact of it. Google’s automated DMCA takedown systems are open to abuse and that abuse could be targeted at your website – especially if you’re successful and your competitors are not currently. To recover from this kind of attack you must first determine you were hit by it. Go to “LumenDatabase.org” and type in your website domain inside of quotations and search, like this “mywebsite.com”.
5. Content Duplication / Scraping Attack
Ever since Google introduced a filter to keep duplicate content from being indexed, spammy SEOs have tried to build websites with stolen content and worked to get that content to replace the original in the search results. While Google is fairly good at this today, the rise of LLM-AI systems makes this tactic far easier than ever before for an attacker to attempt.
How to defend against this type of attack:
The only way to protect against this kind of attack is to watch for evidence that your copyrighted content is being used and then submit DMCA claims to have it taken down. The easiest way to do this is to look for duplication of unique images to which you own the full copyright. There’s also the case of Genius proving that Google scraped their website to steal lyrics content by hiding code in lyrics that then appeared in Google’s featured lyrics snippet. You may have to get creative with this one, especially if your content is being duplicated at scale by a scammer or competitor who uses an LLM to make it appear more unique (plagiarism instead of straight copyright infringement).
6. Robots.txt Injection / Overwriting Attack
In this kind of attack a competitor may discover that your Robots.txt is vulnerable to injection or editing via a CMS flaw, plugin with file manager access, XSS, etc… Once they make this determination, the attacker simply overwrites your existing Robots.txt and changes it to one that blocks all crawlers (disallow all). These attacks are uncommon and extremely difficult to notice, though they are easily uncovered by visiting the URL for the Robots.txt file. In one case, we learned about a client who had an ex-employee from years prior who was still an admin on their site (WordPress) and whose email login information was available in a darkweb repository, including an email account with the client that was still live. A competitor searched for this, downloaded the data, accessed the email, reset the password for the WP admin, logged in, made 1 change (disallow all in the Robots.txt via Yoast) and then logged out. The client hired multiple firms and ultimately hired us; we found it in minutes and fixed it.
How to defend against this type of attack:
Keep your CMS / underlying codebases up to date so your site cannot be attacked easily. Manage and keep tight control of who can access and edit your Robots.txt. Generally CMS admins, SEOs, and your webmaster or I.T. team should have access. Practice good security hygiene by having your team update their passwords on a frequent enough basis, and always remove all admins on your site once their access is no longer required.
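Because the overwrite described above is only visible if someone looks at the file, the check can be automated. The following is an added example, not from the original article: it compares a fetched Robots.txt with an approved baseline hash and tests whether major crawlers can still reach the pages that matter. The site name, key paths and sample files are constructed assumptions.

```python
import hashlib
import urllib.request
from urllib.robotparser import RobotFileParser

# Crawlers to test; "*" stands for any crawler without its own group.
CRAWLERS = ("Googlebot", "Bingbot", "*")


def fetch_robots(site):
    """Download the live file (not called by the offline demo below)."""
    url = site.rstrip("/") + "/robots.txt"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8", errors="replace")


def sha256_of(body):
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def audit_robots(body, site, key_paths, baseline_sha256=None):
    """Return (kind, crawler, detail) findings for one robots.txt body.

    Python's parser applies the first matching rule and has no wildcard
    support, so treat the result as an approximation of real crawlers.
    """
    findings = []
    digest = sha256_of(body)
    if baseline_sha256 is not None and digest != baseline_sha256:
        findings.append(("changed", None, digest))
    parser = RobotFileParser()
    parser.parse(body.splitlines())
    for agent in CRAWLERS:
        blocked = [p for p in key_paths if not parser.can_fetch(agent, site + p)]
        if blocked:
            kind = "blocked-all" if len(blocked) == len(key_paths) else "blocked-some"
            findings.append((kind, agent, blocked))
    return findings


# Constructed samples for a hypothetical site.
SITE = "https://acme.example"
KEY_PATHS = ["/", "/services/", "/blog/"]
APPROVED = (
    "User-agent: *\n"
    "Disallow: /wp-admin/\n"
    "Allow: /wp-admin/admin-ajax.php\n"
    "Sitemap: https://acme.example/sitemap.xml\n"
)
OVERWRITTEN = "User-agent: *\nDisallow: /\n"           # the "disallow all" case
GOOGLEBOT_ONLY = (                                     # quieter variant
    "User-agent: Googlebot\nDisallow: /\n\n"
    "User-agent: *\nDisallow:\n"
)

if __name__ == "__main__":
    baseline = sha256_of(APPROVED)
    for name, body in (("approved", APPROVED), ("overwritten", OVERWRITTEN),
                       ("googlebot-only", GOOGLEBOT_ONLY)):
        print(name, audit_robots(body, SITE, KEY_PATHS, baseline))
```

Scheduled daily with `fetch_robots`, a `changed` or `blocked-all` finding is the signal to review who edited the file and when.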
7. Google Search Console URL Removal Tool Attack
In this negative SEO attack a user will somehow gain access to your Google Search Console and then work to remove the entire site or specific pages via the URL removal tool. Oftentimes that person is granted the GSC access and doesn’t brute force or hack their way into it. Generally the access is obtained via social engineering attacks or fake job applicants who accept the job only to gain the needed GSC access. This is probably one of the rarest types of Negative SEO attacks out there, due to how much work is involved in obtaining the required GSC access but also because the URL removal is temporary. Anyone going to these lengths could do far more damage by sabotaging other areas, so unless they gain the GSC access easily it is probably too much effort for too little negative impact.
How to defend against this type of attack:
Just like with your Robots.txt, make sure to be careful about who has this access and keep it restricted to only those employees and SEO consultants for whom it is a required part of their work.
8. Poor Advice Attack
This is one of the sneakiest and most underhanded Negative SEO attacks, though also probably the most ethical. In this attack type a competitor works to feed you or your SEO team bad advice. This could be done via your contact forms, emails, billboards, snail mail, targeted digital ads, YouTube / Blog / Newsletter / Social Media content, or even by making friendships. In one case we worked on, a competitor used to hire a mobile billboard to drive around the client’s office and home throughout all hours of the day. The billboard would have supposedly quality SEO advice on it like “SEO Fact: Google no longer uses title tags, delete them or suffer a spam penalty”. Eventually this caused a slight ruckus at the client’s business, but we were able to convince stakeholders this was a high-stakes negative SEO attack from a desperate competitor who had already tried various attacks.
How to defend against this type of attack:
This is one reason we always recommend clients find a competent SEO they like, hire them, and trust them. You should also ignore virtually ALL contact messages you get about SEO via your contact forms, LinkedIn, etc… If you are not seeking the SEO advice, they are likely peddling you worthless spam or worse – terrible advice aimed at eliminating you as a competitor. LLM-AIs are making this far worse since they are easily poisoned with SEO advice that might sound sane to a novice but is actually terrible. My favorite right now is a lie that “no one uses Google”. It is a very powerful negative SEO attack that is making it harder to discuss SEO needs with clients without addressing numerous other things at the same time.
9. Negative CrUX Attack
Google uses Chrome data to develop a user experience report known colloquially as CrUX (Chrome User Experience Report). This report is created from GLOBAL web traffic if the volume of traffic from one country is significant enough. In 2022 Google’s John Mueller admitted that CrUX data was indeed a ranking factor in Google. Today we can unfortunately verify that this tactic is highly effective and damaging for local businesses who do not have an international presence but suddenly start gaining an influx of traffic from one or more foreign countries – most often via the “Direct” channel. The attackers, typically someone being paid by a competitor to your business, send hundreds or thousands of real web visitors per day from their country using Google’s Chrome browser to pages on your website. The web traffic can sometimes be artificially slowed, causing more damage. Most of the traffic goes to the homepage and pages in the main menu, with some of it going to other pages on your website, usually easily found blog posts. Most likely the attackers are using a phone farm or other automated cluster of devices to perform the attack, and most often they stay for a set period of time – typically longer than 10 seconds, with 1 minute being the most common time frame we’ve seen.
You’ll know it’s a Negative CrUX Attack and not bot data if the data shows up in Google’s Search Console as 100% poor URLs (or a high percentage), closely matching the time period of the slow foreign traffic you see in Google Analytics (or another analytics system) that is driving your CrUX score down. From what we’ve seen, Google begins to apply this to rankings within 5 to 7 days and it fully hits a website’s rankings / traffic / visibility between 3 and 4 weeks later.
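The traffic pattern described above can be screened for in an analytics export. This is an added example, not from the original article: it flags days on which one country outside your service area sends a large share of Direct, Chrome sessions whose visit lengths cluster around a fixed value. The field names, thresholds, placeholder country code `ZZ` and sample rows are all constructed assumptions, not a real analytics API.

```python
from collections import Counter, defaultdict
from statistics import median


def find_negative_crux_days(sessions, home_countries, min_sessions=100,
                            min_share=0.5, window_s=5, min_clustered=0.8):
    """Return one alert per (date, country) that matches the pattern."""
    totals = Counter()
    groups = defaultdict(list)
    for s in sessions:
        totals[s["date"]] += 1
        if (s["country"] not in home_countries
                and s["channel"] == "Direct" and s["browser"] == "Chrome"):
            groups[(s["date"], s["country"])].append(s)

    alerts = []
    for (date, country), rows in sorted(groups.items()):
        durations = [r["duration_s"] for r in rows]
        mid = median(durations)
        # Scripted visits stay a set time, so most values sit near the median.
        clustered = sum(abs(d - mid) <= window_s for d in durations) / len(rows)
        share = len(rows) / totals[date]
        if (len(rows) >= min_sessions and share >= min_share
                and clustered >= min_clustered and mid > 10):
            pages = Counter(r["page"] for r in rows)
            alerts.append({"date": date, "country": country,
                           "sessions": len(rows), "share": round(share, 2),
                           "median_s": mid,
                           "top_pages": [p for p, _ in pages.most_common(2)]})
    return alerts


def build_sample_sessions():
    """Constructed export: one normal day, then two days of attack traffic."""
    rows = []
    for day in ("2024-03-01", "2024-03-02", "2024-03-03"):
        for i in range(40):  # ordinary local visitors with mixed behaviour
            rows.append({"date": day, "country": "US",
                         "channel": ("Organic Search", "Direct", "Referral")[i % 3],
                         "browser": ("Chrome", "Safari")[i % 2],
                         "duration_s": 5 + (i * 37) % 240, "page": "/"})
    for i in range(3):  # a few genuine foreign visitors, too few to alert on
        rows.append({"date": "2024-03-01", "country": "CA", "channel": "Direct",
                     "browser": "Chrome", "duration_s": 20 + i * 90, "page": "/"})
    for day in ("2024-03-02", "2024-03-03"):
        for i in range(300):  # scripted visits lasting about one minute
            rows.append({"date": day, "country": "ZZ", "channel": "Direct",
                         "browser": "Chrome", "duration_s": 58 + i % 5,
                         "page": ("/", "/services/", "/about/")[i % 3]})
    return rows


if __name__ == "__main__":
    for alert in find_negative_crux_days(build_sample_sessions(), {"US"}):
        print(alert)
```

An alert is a prompt to compare the same dates against the Search Console report before changing any firewall rule.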
How to defend against this type of attack:
The best defense is a good offense. Having a fast-loading site with no large objects in the DOM or render blocking will go a long way, as will properly caching, compressing, and expiring content and using a CDN. However, these do not fix all of your problems, and a fast site with 1 second TTFB or Full Page Load times is still susceptible to this kind of attack. The only real solution is to block users in the country being used to harm you or improve your infrastructure to better serve that country temporarily. For blocking, Cloudflare’s security rules work really well (not perfect) to block or challenge traffic at the firewall (WAF) that is likely causing your issues. Once you block or handle the traffic you’ll see the GSC report updating within 48 hours and the attack traffic in GA4 declining within 12 to 24 hours, but it could take weeks or months for rankings to return to normal – if they ever do.
WAF blocking for a whole country is not perfect and if the traffic persists despite blocking you’ll have no choice left but to work on upgrading infrastructure or improving your site’s code to try and reduce the damage. Eventually, whoever is paying for the Negative CrUX attack will stop and things should return to normal-ish a few weeks later.
Negative Local SEO Tactics
Negative Local SEO is, in many ways, far more brutal than its older sibling Negative SEO. That is because these tactics tend to attack your business’ very identity and reputation instead of some background meta data on the web an engine might use.
1. Editing Your Business Name
The easiest way for a competitor to harm your business is to claim to Google that your name is wrong and convince them to change your name. For example, if you were Which Wich and your competitor wanted to rank on “Superior Sandwiches”, they could mock up photos of your logo and store signage that had this removed and then request that Google change your name from “Which Wich Superior Sandwiches” to just “Which Wich”.
This happens all the time, though most attackers don’t go to the trouble of sending in a lot of fake photos and videos and instead make enough edits to your name that Google’s system believes it is viable and changes the name on your profile.
How to defend against this type of attack:
Google should email you / your SEO when the business listing name on Google Business Profile is changed. When this happens, go in and change your name back. Most of the time they will push this through in a few minutes to a few hours and that’s the end of it. Sometimes the negative attack will continue multiple times a day for weeks, and other times Google will suspend your account for having a name that violates their terms, though the latter is far more rare. In any case it is frustrating that Google trusts random strangers who are not connected to your business to change your name so readily and so frequently.
2. Fake Bad / 1-star Reviews
This is the one that angers business owners the most, though its immediate and long-term impact may not be as bad as many others. Likely this is because these fake reviews feel like attacks on you as a person or on what you have dedicated years of your life to building or on your family’s livelihood and future. All review platforms have policies against fake negative and positive reviews, but it doesn’t take long for business owners and SEOs to realize how underwhelming the systems these platforms deploy are at stopping such attacks. Not all fake negative reviews are equal either. Some are left without any text (i.e. rating only), some are left by friends/family of a real customer who had a bad experience, some are left by ex-employees, some are left by social media users who are unhappy with you or a staff member, and some are left by your competitors seeking to harm your business or by those they hire.
We’ve combatted many types of fake negative reviews, including ones that use photos from around the web to better sell their fake story and ones that go on insane rants attempting to smear your company with made-up nonsense. In all cases Google stinks at reviewing them and taking them down quickly.
How to defend against this type of attack (Google Maps / Google Business Profile):
Much like attacks on your link profile, the best thing to do here is to keep moving forward and gaining new quality reviews within Google’s guidelines. I don’t want to go into extreme details here so as not to help would-be negative SEOs attack you. Google Maps provides a series of ways to report fake reviews, but their success varies. None of them allow you to leave notes or explain why the review is fake to Google. When you get a fake negative review, click on the 3 dots to the right of the review and select “flag as inappropriate”, and then in most cases you’ll want to select “Off Topic” or “Spam” and then submit. Ask any staff, friends, and family to help you with this reporting, as a higher volume of reports tends to correlate to faster action and, more importantly, a higher volume of removals. Expect Google to take a few days here and expect them to only take action on somewhere between 50% and 85% of the reported fake reviews. If you have just one nasty negative review, you have a 50/50 shot of getting it removed. If you have a friend in the media, getting media coverage is almost a 100% guarantee that the fake reviews will get removed to help protect Google’s brand, especially if the journalist tells a truthful story or is known for being a truthful person. The last resort option to get an escalation would be to post to Google’s product forums, where volunteers Google endues with some limited power can take your story and escalate it to Google. However, if you are trying to be private or have a legal conflict (i.e. HIPAA), this and the media route are likely not going to work for you.
You should always consider responding to fake negative reviews and pointing out that they are not customers. Be warned, however, that some fake reviewers will edit their review to make you look even worse after you respond. Make sure to always take a screenshot before you reply so you have a record of what they said (or keep the email alert Google sends you).
3. Fake 3-star Reviews
Competitors might buy a series of fake 3-star reviews that, instead of trying to eviscerate your business, use a mildly bad fake experience to bring down your overall rating a little.
How to defend against this type of attack (Google Maps / Google Business Profile):
No way to defend against this. Focus on gaining more 4 and 5 star reviews within Google’s guidelines and providing a great experience. It would also help to reply telling other users this person never did business with you. While that may not help get these removed immediately, fake review accounts often leave more than one fake review and Google could theoretically see all of this data. It stands to reason if multiple businesses reply saying this person was never a customer, then Google might take action eventually and nuke the entire profile for TOS violations.
4. Fake Business Does Not Exist Takedown Request
A sneaky use of Google Maps reporting features is to report that a business does not exist at all at the location. When credible versions of this report are received Google’s team looks at a streetview of the location (if available) and will take it down if there is no signage posted at the location. They tend to only take down listings if there are no reviews or very few reviews or if it is a Service Area Business.
How to defend against this type of attack (Google Maps / Google Business Profile):
If you have signage on your door (in an office building) or the streetview is old, these can be pretty easy to combat and a simple reconsideration request does the trick. However, if you do not have signage because the business is at your house and is set as an SAB, these can be notoriously difficult to fight. Google has also apparently limited each takedown to one request, and the only option if this fails is to scream into the void or post on the Product Forums. Google has also been known to take down your listing, create an entirely new listing, and not allow you to request ownership of it or make changes to it. This of course deletes all of your past reviews, etc… Once you get Google to agree to take your original listing back live, you also have to ask them to merge the newly created listing in with any newly gained reviews. This whole process can take a few months to over a year, which is why, even if you are an SAB, it is best to have some kind of signage at your location so that if this happens you can avoid the long-term ramifications.
5. Fake Business Citations
Similar to fake inbound links that are “toxic” or could lead to a manual link action (i.e. penalty), one way you could be attacked with Negative Local SEO is by your competitor creating fake citation data on listing sites with a wrong address or phone number, or both, for your business. Even slight misspellings here could poison your local rankings and would be difficult to detect in the moment. These are cheap for a competitor to do but potentially time-consuming, so they might only be done once or twice before they move on to something else.
How to defend against this type of attack:
You should scan each location at least once per year for duplicate or incorrect NAP citation listings. There are some services that automate this, or your agency might handle it. If you’re paying attention, these can often be caught and corrected or removed fairly quickly.
6. Fake Business Location
While this might sound similar to fake citation listings, this tactic seeks to confuse your local customers/clients into contacting the wrong business. For example let’s say you have a dental practice in Manhattan, NYC but you have some customers in Queens. A competitor who figures this out could theoretically claim a fake business listing in Queens with a phone number that forwards to them or a call center working for them and by doing so siphon away your customers. A real local competitor is unlikely to do this however due to laws against such confusingly similar names. However, an overseas scammer might try this in order to sell you leads that were already trying to contact you at a premium price. Scammers can try this without creating listings on Google. For example if they built a website and were able to get citation distribution, sometimes Google Maps will just create the listing for them when the information is found.
How to defend against this type of attack:
You or your SEO should look on Google Maps in different areas you service for your brand name from time to time. If you find duplicate listings that are not yours, seek to get them taken down asap. This is why having a trademarkable name comes in handy since you can quickly file to protect your trademark and get these fake businesses taken down.
7. Spam Business Locations to Compete Against You
Number 6 above is rarely done because it is frequently unsuccessful. However, fake spam listings are quite successful instead and help both overseas scammers and your competitors. Lead Gen scammers overseas have a tactic where they create a fake business listing in all of your markets and/or in a circle around your business if it is neighborhood focused. They do this by offering to pay people on Craigslist or other places where folks are seeking ways to make a quick buck to use their mailbox, frequently paying $100 to $500 for them to get a Google Business Profile postcard and send them a picture of it. Once they have the listing they pair it up with a cheaply built site (often they all look identical minus a logo) and fake reviews they purchase. Then this scammer will try and force you to buy their leads at a high price or sell them to a competitor of yours.
How to defend against this type of attack:
These scammers have one tactic that works the best: they use the name of the city or neighborhood and the service/industry in their title. For example, Tulsa Turf Installers or El Paso Electrical Company or Seattle Sprinkler Repair Team. If you or your SEO see a company like this pop up in your market area, check to see if the address listed is a single-family home, apartment, virtual office company, UPS/FedEx/Mailbox location, or a Coworking space. If the answer to any of these is yes, then this is a scammer coming after your local industry. Another telltale sign will be a massive influx of reviews all dated within 24 to 72 hours of each other, often outnumbering businesses who have been in your city for decades.
Immediately start reporting these locations as “Does Not Exist Here” if you have enough evidence they are fake, and immediately start building documentation for a Redressal Report to Google. That includes screenshots of their business profile (they could remove the address at any moment), website, phone call recordings, emails from them, etc… If you do not buy their leads, I promise you one of your competitors will do so to avoid having losses or doing their own SEO. Google is INCREDIBLY slow at removing these fake profiles, so knuckle down and go into detective mode collecting all of the data you can. Maybe instead of telling them off when they try to sell you leads, play along in order to get documentation from them you can include in your report. Finally, file your report and wait 2 weeks. If Google does not take them down, go and post in the Product Forums and keep pushing and reporting until they disappear.
8. Fake Claiming Your Business as Owner or Manager
Google allows anyone to request ownership or management of your Google Business Profile. This has logic behind it. If you sell your business or hire a new SEO, it is only logical that you be able to grant people access to your account. However, if you have an “Owner” on the profile who is not very savvy, they might interpret this request as reasonable and grant it without asking questions. Most often this is a well-meaning SEO or consultant or a limited partner or a business owner who confuses the request for their agency/consultant.
Once they have ownership of the profile of course they can alter your information, remove other Owners and Managers, and delete the profile if they want. This can go from an oops to a nightmare real quick and it is commonly done by negative SEO practitioners because it is so low effort and low cost to perform. Even a 0.001% success rate is a win so they almost always do this one first. If you get one or more of these fake requests, it’s a good sign other negative attacks on your profile are inevitable.
How to defend against this type of attack:
You should always have a good understanding of who will accept these requests and exactly who will make such requests. As an agency we do this at our Kick Off with a client and only update when needed via email and/or a video call to confirm who the request is coming from before it is sent. As a company you should only have 1 person who accepts such requests internally and that person should always ask “is this a scammer” before accepting. An ounce of prevention is worth several tons of cure in this case and it pays to be skeptical and cautious.
9. Competitor Editing Your Online NAP Citations to a Legitimate but Different Name, Address, or Phone Number
In this tactic a competitor will try to edit your Name, Address, or Phone number on listings across the web. The edits can be aggressively inaccurate or can be slight variations, making your citation data lower quality and creating small but meaningful harm to your physical location’s digital fingerprint.
The most common form for this is just a barrage of spam requests to a listing site or multiple sites. In some cases, they can do this by claiming to represent your business. Another way this is pulled off is if you open a new location near an existing one; a competitor can sometimes be successful in getting the old location’s address updated to the new location. Worse yet, there are numerous citation distribution platforms out there that have the trust of business listing sites, and this trust could be abused, for quite a low cost, in order to
Early signs that this is impacting your business would be seeing traffic from one Google Business Profile listing dropping while one or more others stay the same or improve. If you have collected citation data in the past you can then compare the listings and fix this issue fairly quickly and inexpensively. This is one reason we always recommend clients use UTM parameters to track traffic from specific GBP profiles, it allows seeing issues like this clearly.
How to defend against this type of attack:
Proactive monitoring and checkups on your location citations are really the only way to combat this tactic.
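One way to run that checkup is to compare each collected listing against the NAP record you keep on file. This is an added example, not part of the original guide; the business, directory sites, and abbreviation table are constructed, and the phone comparison assumes 10-digit US numbers.

```python
import re

# Constructed sample data: the baseline NAP record you hold on file and
# listings collected from three hypothetical directory sites.
BASELINE = {"name": "Acme Plumbing LLC",
            "address": "120 Main Street, Suite 4, Springfield, IL 62701",
            "phone": "(217) 555-0142"}
LISTINGS = [
    {"site": "directory-a.example", "name": "Acme Plumbing, LLC",
     "address": "120 Main St Ste 4, Springfield IL 62701", "phone": "217-555-0142"},
    {"site": "directory-b.example", "name": "Acme Plumbing LLC",
     "address": "120 Main Street, Suite 40, Springfield, IL 62701", "phone": "(217) 555-0142"},
    {"site": "directory-c.example", "name": "Acme Plumbing & Drain",
     "address": "120 Main Street, Suite 4, Springfield, IL 62701", "phone": "+1 217 555 0199"},
]
ABBREV = {"st": "street", "ste": "suite", "ave": "avenue", "rd": "road", "blvd": "boulevard"}

def norm_name(value):
    return " ".join(re.sub(r"[^a-z0-9 ]", " ", value.lower()).split())

def norm_address(value):
    return " ".join(ABBREV.get(t, t) for t in norm_name(value).split())

def norm_phone(value):
    return re.sub(r"\D", "", value)[-10:]  # assumes 10-digit US numbers

NORMALIZERS = {"name": norm_name, "address": norm_address, "phone": norm_phone}

def classify(field, expected, found):
    """'ok' = identical, 'format' = cosmetic variation, 'changed' = different data."""
    if expected == found:
        return "ok"
    norm = NORMALIZERS[field]
    return "format" if norm(expected) == norm(found) else "changed"

def audit(baseline, listings):
    """Map each site to the fields that are not an exact match and their status."""
    report = {}
    for listing in listings:
        statuses = {f: classify(f, baseline[f], listing.get(f, "")) for f in NORMALIZERS}
        findings = {f: s for f, s in statuses.items() if s != "ok"}
        if findings:
            report[listing["site"]] = findings
    return report

if __name__ == "__main__":
    for site, findings in audit(BASELINE, LISTINGS).items():
        print(site, findings)
```

Fields marked `changed` point to different data and should be corrected first; `format` entries are the slight variations that lower citation consistency.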
Negative PPC Tactics
This is an odd one for folks to wrap their head around. Would a competitor really run ads to harm my business? The answer is a resounding YES. Remember negative tactics are about quick wins and a lot of times running those ads via a proxy or something else leads to those quick wins for a competitor while causing you harm. Negative PPC tactics are often short-lived since Google and other engines make their money servicing these platforms, so expect quick action when these are uncovered.
1. Making a Fake Local Search Ad For Your Business
A competitor builds a Local Search Ad (LSA) for your business, which Google Ads allows to automatically connect to your Google Business Profile without authorization. Once set up, your LSAs completely disappear.
Discovered by Ben Fisher on February 6th, 2024:
This is a brutal new tactic that competitors are doing on LSA.
A competitor makes a new LSA for a competitor and because the link to GBP is automatic the system will essentially nuke the competitor out of existence. @adsliaison this is wrong on many levels. pic.twitter.com/8iCDwEHBYh
— Ben Fisher (@TheSocialDude) February 6, 2024
How to defend against this type of attack:
There are no known defenses or resolutions to this attack. Possibly reaching out to a Google Ads or LSA rep might work, but so far this is unknown.
Negative AI SEO Tactics
While these likely belong under the above Negative SEO tactics section, we have added them here since some people are currently separating SEO and AI SEO (aka “GEO” or whatever other name/acronym they are using for LLM-AI based search).
1. Making Fake Listicles to Reduce Rankings
A competitor creates and/or pays a website to create a listicle that ranks your brand or website at or near the bottom of the list while of course ranking themselves at the top. Since LLMs largely rely upon consensus amongst a corpus of documents, either pulled as RAG or used in training, to come to conclusions, if you currently rank #1 a lot and a competitor ranks much lower, they can use this tactic to try and drag your ranking / ranking frequency down while increasing their own.
How to defend against this type of attack:
The trick here is that your competitor has to try and get their content to rank highly in an associated search engine’s index like Google (Gemini, AI Mode, AI Overviews) or Bing (ChatGPT, Yahoo! Scout, DuckDuckGo Chat, etc…). If you proactively work on your reputation in places where specific LLMs are known to train or grab content for RAG, then you can use those platforms / publishers to combat such an attack effectively or prevent it entirely.
2. Creating False Defamatory Content
LLMs have several quirks that open them up to abuse by your more nefarious competitors. Chief among them is high trust in certain websites (typically based on Search Engine rankings or via licensing deals) and second among them is being overly verbose (i.e. often giving too much information). An example of the second one is that ChatGPT currently lists legal issues a person affiliated with a brand and/or a brand is experiencing or has experienced in the past if such legal issues carry enough sensational information to gain media attention.
In this attack, the attacker uses both weaknesses, finding a high-trust site and using various tactics to gain publishing access to the site. Once access is gained, they publish a series of incorrect, defamatory pieces of content that are likely to be repeated by an LLM when someone asks if they should do business with that person or brand.
How to defend against this type of attack:
There is no real way to fight against this type of attack, and in many cases you might be unaware that it is even happening for days, weeks, or months. Instead, consider proactive reputation management. Have your brand engage in good things, have main members of your team do things that are seen in a positive light, gather testimonials and reviews for your brand and main players on a page dedicated to that entity, and work to get this content ingested by LLMs or ranking in search results. Then, once you notice a defamation attack, find the source content and work to get it removed.