Have you ever clicked on a website link that looked familiar, only to be taken to a completely different website than you expected? If so, you may have been a pagejacker's victim. But it's not you that someone is after. It's your page clicks and views.

What Is Pagejacking?

Pagejacking is a type of online fraud where visitors are redirected to another website without their knowledge.

The term "pagejacking" is coined from two words: webpage and hijacking. The threat actors recreate a website's content, using resources such as images, text, and others without permission from the original site's owner.

Fortunately, there are ways to identify pagejacked websites, such as unusual errors attached to domain names, inferior design, grammatical errors, plus lots of unnecessary ads, redirects, and pop-ups.

Pagejacking has existed for a while but remains a growing trend. Traffic is the primary currency for securing and amassing revenue on the internet. This traffic and, ultimately, income is what pagejackers aim for, as they try to divert as much as possible from the original site.

How Does Pagejacking Work?

It may be tough to determine when a website's content is copied and sometimes altered without authorization, only to be placed on another site.

You click the link to the cloned site, mistaking it for the site you intended to go to, and suddenly, you are barraged with phishing or pornographic content. You might suddenly notice subtle discrepancies in the content that paint the original website badly. At this point, you realize you're in the wrong place, but you can't leave because you're stuck in a loop of endless dialog boxes. You've been mousetrapped!

The site owner goes on to 'trap' you on the webpage, bombarding you with ads and redirecting you to other sites, making it difficult for you to escape.

Pagejacking is executed in different ways based on the experience of the jackets, and the extent of havoc intended. Newbie pagejackers copy a webpage page and paste it onto a page on their site. They can include offers and adjust the links in your content to redirect to other pages on their site.

Man in Green Hoodie and Black Sunglasses Sitting on Orange Chair

However, the more advanced pagejacking strategy is quite clever. First, the pagejacker takes a copy of a page (usually popular). Next, this threat actor creates a page on their site that is a carbon copy of the content they have copied. The pagejacker then includes extra codes so only search engine bots can read the page's content. This technique is called "cloaking."

Cloaking involves presenting different content to search engine bots. Pagejackers do this by using IP address or browser user agent checks to determine if the visitor is a search engine bot. If it is, the bot is shown legitimate content from the original site. If it's a human visitor, they are shown a different page, often with ads or spam.

Who Is at Risk of Pagejacking?

When you, as a website owner, have a page that ranks highly in search engine results pages (SERPs), it can attract good and bad attention—good attention from your target audience and bad attention from pilferers. Some unscrupulous individuals may make copies of your pages to get equally high or higher rankings and capture some of your traffic.

If the pagejacker is well-versed in search engine optimization, most search engine traffic that usually arrives at your site will be redirected to the pagejacker.

How to Detect Pagejacking

To protect your site from being pagejacked, you need to know how to detect pagejacking even in its slightest.

The first step is identifying uncommon phrases on a popular page on your site. Run these phrases through a query on popular search engines like Google. You should only find your page in the results that come back; if there are other results, they are likely instances of pagejacking.

Screenshot of MakeUseOf Google Search Result

Google, MSN, and Yahoo always display extended snippets from various pages, making it easier to identify a site using pagejacked content.

Instead of clicking on the suspected instance of pagejacking to confirm your suspicion, click on the three vertical dots beside the link to the website and click on the "cached" option.

Screenshot of Cached Option for MakeUseOf

It will display the page as it appeared to the search engine robot the last time it was crawled, allowing you to determine if you have been pagejacked. High-ranking pages are usually crawled regularly, so the cached copy should be reasonably fresh.

Screenshot Cached MakeUseOf Website

How to Protect Yourself from Being Pagejacked

You can employ several strategies to protect your website from pagejacking. However, it is important to note that preventing pagejacking requires a multi-faceted approach, and no single solution can guarantee complete protection.

Use Reputable Web Hosting Services

Ensure your website is hosted on a server with proper security measures to protect against hacking attempts. In addition to this, keep your website software, including the content management system and any plugins or modules, up-to-date to ensure that any known security vulnerabilities are patched.

Monitor Your Site's Traffic

A screenshot of the Google Analytics platform

Use tools like Google Analytics or server logs to monitor your website's traffic and look for unusual patterns that could indicate a pagejacking attempt.

Use Anti-Cloaking Solutions

Use anti-cloaking solutions to prevent the website from being cloaked. Anti-cloaking solutions can detect and block cloaking by detecting the technique used. They also provide a way to notify you if any cloaking happens on your website.

Also, scan your website regularly with security tools to look for vulnerabilities and other issues that pagejackers could exploit.

Report to Search Engines

If your website is pagejacked, submit a reconsideration request to Google or other search engines. If the pagejacker uses your website to improve its ranking, the search engines will usually remove the webpage from the search results.

What to Do if You've Been Pagejacked

As a user, there is little you can do to prevent logging into a pagejacked site except to be more careful about the links you're clicking on in the search engine. To be safe, open a site from your bookmarks or type the link in the address bar.

As a site owner, it is a different case. Firstly, pagejacking is classified under copyright and intellectual property theft, as the content and design of your website is copyright material. So, taking legal action is advised.

If you have identified pagejacked content, you also need to save the cached copy of the page. It can serve as evidence later on. Google displays cached copies of pages and adds a box to the top of the page with identifying information, including the URL and the date the cached copy was taken.

Pagejacking: A Nightmare

The internet offers many different kinds of experiences. Certainly, one of the strangest is what pagejacking does: redirecting you, as a user, to an entirely different site, which is often unrelated to where you intended to reach.

When you have issues like this, as a site owner, report the pagejacker. You can also take further legal action. To prevent any occurrence, use reputable web hosting services and anti-cloaking solutions, while regularly monitoring your site's traffic.