On December 20th, 2023, X user Lily Ray made a startling discovery on Google’s search results. 

Screenshot of Lily Ray's Tweet

She had looked up ‘Craiglist used auto parts’ on the search engine and soon discovered that every result in the top 20 was from spam sites. 

They weren’t cleverly veiled spam sites, either – just run-of-the-mill garbage sites that have no business ranking for keywords, let alone appearing in the SERPs at all. 

This wasn’t an isolated incident, either. 

It was soon uncovered that Google was under a MASSIVE spam attack, and it had been going on for a few days. 

Once Lily’s initial discovery went viral, digital marketers began to understand the true scope of the attack. 

Some domains are ranking for hundreds of thousands of keywords, which is insane. 

Not only that but many of these domains were registered within the past 24 – 48 hours of the attack. 

This is clear evidence of foul play, as these spammy domains shouldn’t be able to dominate the SERP rankings as they have. 

What happened? How was an attack of this scale able to take place?

Stay tuned to learn everything we currently know about the attack, how it happened, and what’s being done to mitigate the issue. 

All I Want for Christmas is 300,000 Keyword Rankings 

Once news of the attack began to spread, it didn’t take long for SEOs to do some investigating (after all, detective work goes with the territory). 

Bill Hartzer didn’t waste any time as he used the Majestic backlinks tool to find out what happened. 

Image of Bill Hartzer

In doing so, he was able to put together a link graph that exposes the link networks the spam sites are using. 

Here’s a glimpse at the monstrosity

If you squint a little, it actually looks like a giant mechanical spider hell-bent on the destruction of humanity, but maybe that’s just our imagination. 

All kidding aside, the graph clearly shows that these spammy sites are linking to one another, which is a classic tactic for spammy link networks. 

Creating a network that vast clearly took a lot of time and dedication, but most now believe that this network isn’t responsible for the massive uptick in keyword rankings

Spammy link networks have been linking to one another for a long time now, but they haven’t achieved the impressive results of this particular network. 

Therefore, it’s safe to assume something else is happening here. 

What do these spammy sites look like?

As far as the spam sites that actually appear in the SERPs, it’s impossible to view them with a standard web browser. 

Most of them redirect to other sites that feature sketchy/worthless content, or they don’t show anything at all (really helpful to users, huh?)

To see the website’s URL, you need to visit the domain with a Google IP address. 

Why is that?

It’s because the spam sites are checking exclusively for Google IP addresses (even changing your browser’s user agent to Googlebot won’t work).

As Roger Montti of Search Engine Journal discovered, one of the only ways to view the URL was to use Google’s Rich Results Testing tool (which is normally used to see if your web pages are able to generate SERP features like featured snippets). 

Using the Rich Results tool, Montti was able to finally view the URL the way that it appeared to Google.

As you can see, there’s a tiny H1 and a big H1 that both reiterate the target keyword. 

Other than that, the page contains a bunch of links related to car parts, but that’s about it. 

These spammy sites offer no practical value to users, so how were they able to dominate the SERPs?

One domain even ranked for a whopping 300,000 keywords, which is alarming, to say the least. 

Taking Advantage of Two Loopholes in Google Search 

Okay, enough mystery; it’s time to break down how the spam lords were able to pull something like this off. 

As Bill Hartzer noted during his initial investigation, “This is partly the fault of Google, who appears to be putting more emphasis on content rather than links.”

This is why it was determined that the massive spam link network had little to do with the attack’s success. 

Instead, it’s believed that the spammers found success by targeting long-tail keywords and local keywords

First, let’s take a look at the loophole related to longer queries. 

Targeting long-tail phrases for easy keyword rankings

Long-tail keywords get their name because of their placement on the search demand curve


Short-tail keywords, also called ‘industry’ keywords, have the highest search volume and are the keywords most SEOs target. 

The long tail represents keywords that don’t get much search volume. 

These queries tend to be highly specific, and due to their low search volume, they’re easy to rank for

With a little optimization (like proper keyword placement), it’s not hard to start ranking in the top 20 for lots of long-tail keywords. 

The spammer’s strategy, then, looked like this:

  • Create millions of nonsense pages targeting long-tail phrases 
  • Sit back and enjoy thousands of keyword rankings every day 

However, this technique didn’t account for all the spam pages, so let’s look at the next loophole. 

Taking advantage of local search algorithms 

The spam sites also targeted local search keywords. 

Why’s that?

It’s because, much like long-tail keywords, it’s easy to rank for some local keywords. 

Google’s Local Search algorithm is entirely different from its traditional algorithm, and the ranking requirements are far less stringent. 

For example, local websites don’t need a lot of links to start ranking for a keyword. 

Because of this, if a site uses the right type of keywords (ones containing Craigslist are enormously popular), they can start ranking for local keywords quite easily. 

Therefore, the spammers only had to rinse and repeat their long-tail tactic with local keywords. 

That’s how the perpetrators were able to pull off such a massive and effective spam attack, which is definitely a wake-up call for the team at Google. 

What Happens Now? Predicting Google’s Response

This spam attack exposed glaring weaknesses in two of Google’s algorithms, so they’ll need to address and fix both loopholes ASAP. 

After all, spammy results provide no value to users, which will tarnish Google’s reputation. That’s why it’s imperative for them to fix this issue as soon as they possibly can. 

If you need help navigating the ever-changing search landscape, don’t wait to sign up for HOTH X, our renowned managed SEO service that yields incredible results.