How to Defend Against Black Hat SEO (James Dooley Interviews Brian Kato)

March 5, 2026 / 11:24 / E350

Listen on your favourite platform

Platform	Link
YouTube	Listen on YouTube →

What Does “How to Defend Against Black Hat SEO (James Dooley Interviews Brian Kato)” Talk About?

This episode of the James Dooley Podcast features a focused conversation with cybersecurity-minded SEO expert Brian Kato on the subject of defending against negative or black hat SEO tactics. James opens by asking Brian to explain the landscape of current attacks, and Brian immediately reframes the discussion by pointing out that the majority of so-called attacks are actually self-inflicted — the result of poor link building, weak site foundations, and technical oversights like improper canonical setups. He stresses that understanding what normal baseline performance looks like is the essential first step before anyone can accurately identify a true coordinated attack.

From there, the conversation moves into genuine negative SEO vectors that Brian has observed in his work. He explains entity poisoning in detail — the deliberate effort to disambiguate a brand and decouple its identity in Google's understanding, undermining the clarity and authority a business has built over time. Review bombing is also covered at length, including a real-world extortion scenario James shares where bad actors left one-star reviews and demanded payment to change them. Brian offers practical advice on how to respond to suspicious reviews rather than the commonly used but ineffective denial response. The episode closes with Brian hinting that some of the most damaging negative SEO comes from weaponizing systems that exist inside Google itself, teasing deeper content available at his full talk at SEO Mastery Summit in Vietnam.

“A lot of negative SEO—most of the attacks I get called in to look at—are self-inflicted. They hired a less-than-desirable link builder. They had a crappy link strategy. Their site isn't optimized. A lot of it is self-sabotage.”
— Brian Kato

Who Are the Guests on “How to Defend Against Black Hat SEO (James Dooley Interviews Brian Kato)”?

Brian Kato is a full stack developer turned SEO and online reputation management expert with a strong background in cybersecurity. He has spent years working at the intersection of marketing and cyber, recognizing that the same techniques used to elevate a brand in search results can equally be used to damage one. His work focuses on building resilient digital foundations and defending against coordinated attacks on brand entities, reviews, and search visibility. He was a featured speaker at Mads Singers' SEO Mastery Summit in Vietnam, where he delivered a full talk on advanced negative SEO defense.

James Dooley is the host of the James Dooley Podcast and an established figure in the SEO community, known for his work in link building, digital PR, and organic search strategy. In this episode he plays the role of both interviewer and practitioner, sharing his own observations about review bombing extortion and asking pointed questions about disavow strategy, PBN-style attacks, and entity recognition. His hands-on perspective helps ground the conversation in real-world scenarios that SEO professionals face regularly.

What Are the Key Takeaways From “How to Defend Against Black Hat SEO (James Dooley Interviews Brian Kato)”?

Here are the key points discussed in this episode:

Most negative SEO situations are self-inflicted through poor link building practices, weak technical foundations, and mistakes like incorrect canonical setups rather than true external attacks.
Entity poisoning — the deliberate disambiguation and decoupling of a brand's identity in Google's knowledge graph — is one of the most effective and underappreciated true negative SEO attack vectors.
Establishing a clear baseline of normal site and brand performance is essential, because a coordinated attack is calculated and targeted, making it only identifiable when you know what normal looks like.
When responding to suspicious one-star reviews, framing your reply positively and inviting feedback is more effective than the commonly used denial that you have no record of working with the reviewer.
Disavowing spammy links is rarely necessary since building higher-quality, topically relevant links to dilute toxic signals is generally a more effective counter-strategy, with the exception of links associated with serious illegal content.

“The worst negative SEO I've seen comes from within—and comes from within Google. Some of the worst cases happen when someone weaponizes the system that's supposed to help you.”
— Brian Kato

Is “How to Defend Against Black Hat SEO (James Dooley Interviews Brian Kato)” Worth Listening To?

This episode is worth listening to because it cuts through the noise and fear around negative SEO by offering a grounded, expert-backed framework for understanding what is actually happening when a site or brand comes under threat. Brian Kato's point that most so-called attacks are self-inflicted is genuinely counterintuitive and valuable — it redirects practitioners to audit their own practices before assuming malicious intent, saving time and resources. His specific breakdown of entity poisoning as an attack vector is particularly relevant in an era where Google's understanding of brand identity is central to ranking.

Beyond the conceptual, the episode delivers actionable guidance on real scenarios: how to handle review bombing and extortion attempts, when disavow is worth using and when it is not, and why baselines matter for early detection. The closing tease about negative SEO attacks originating from within Google's own systems is provocative enough to drive listeners toward Brian's full talk while leaving them with something genuinely thought-provoking. For anyone running a business online, managing client SEO, or building long-term brand authority, this conversation offers a rare cybersecurity-informed lens on a topic most SEO content handles too superficially.

Who Should Listen to “How to Defend Against Black Hat SEO (James Dooley Interviews Brian Kato)”?

This episode is ideal for:

SEO professionals and agency owners who want to understand how to distinguish self-inflicted site problems from genuine external attacks
Business owners with established brands who are concerned about reputation threats, review bombing, or competitor sabotage
Digital marketers and consultants who advise clients on brand building and need to understand entity-level vulnerabilities in Google Search
Developers and technical SEOs interested in the intersection of cybersecurity principles and search engine optimization

Where Can You Listen to James Dooley Podcast?

You can listen to James Dooley Podcast on all major podcast platforms:

Apple Podcasts – Search for “James Dooley Podcast” in the Podcasts app
Spotify – Available on Spotify for free
Amazon Music / Audible – Listen through your Amazon account
Overcast – For iOS users who prefer a dedicated podcast app
Pocket Casts – Cross-platform podcast player

You can also subscribe using the RSS feed: https://feeds.transistor.fm/james-dooley-podcast

What Are Listeners Saying About This Episode?

★★★★★

“Brian's point that most negative SEO is self-inflicted genuinely made me rethink how I diagnose client issues. The canonical example alone is something I'm going back to check on three sites immediately. Compact and packed with insight.”

— Marcus T.

★★★★★

“The review bombing section was eye-opening. I've been using the 'we have no record of working with you' response for years and Brian explained clearly why that backfires. Going to completely change how I handle those situations for my local SEO clients.”

— Rachel S.

★★★★★

“Really appreciated the framing around entity poisoning and brand disambiguation — it connected a lot of dots for me about why some brands drop even when their links look fine. The tease at the end about attacks coming from inside Google has me very curious about the full Vietnam talk.”

— Daniel P.

In this conversation, James Dooley interviews cybersecurity-minded SEO expert Brian Kato on how to defend against “black art” (negative) SEO tactics. Brian explains that many “attacks” are self-inflicted through poor link building, weak foundations, and technical mistakes like incorrect canonicals. He then outlines true negative SEO vectors including entity poisoning (brand disambiguation and knowledge panel manipulation), review bombing, and more coordinated reputation attacks that can reduce trust and visibility in search. They discuss how to respond to suspicious one-star reviews, when (and when not) to use disavow, and why establishing a clear baseline of “normal” performance is critical for identifying real attacks early. Brian also hints that the most damaging negative SEO can come from weaponizing systems inside Google, encouraging viewers to attend his full talk for deeper insight.

James Dooley (0:00): How to defend against black art SEO. There’s a lot of people in the SEO community talking about black art strategies and a lot of sites being hit hard. Today I’ve got none other than Brian Kato, who’s speaking over in SEO Mastery Summit. He’s got a full talk on this at Mads Singers’ event and I’m looking forward to listening to that. But I want to dig a little bit deeper prior to your talk. First and foremost, for anyone that doesn’t know who Brian Kato is, can you give a quick background on your cybersecurity background and why you know about defending against black art SEO? Brian Kato (0:42): Yeah—so initially when I got into marketing, I was a full stack developer. I was doing a lot of online reputation management—understanding you can move things up, you can also move things down in the SERPs—without realizing that in and of itself is kind of SERP manipulation. But we just called it reputation. Over the years in SEO, I started to get more involved in the intersection between marketing and cyber. Because what I was finding is that you could rank people, but they didn’t have the foundation—so someone could come along and trash their brand or trash their site. It’s great if you’re ranking number one today, but if you’re completely de-indexed and off the grid the next day… how well did that marketing channel really work? That’s kind of how I got into it. James Dooley (1:44): That’s cool. So with defending against blackout strategies—are there any specific blackout strategy you’re seeing at the moment that’s rife, that people might not know about? What do people need to look out for initially—what are the different strategies being used and what to identify before trying to defend? Brian Kato (2:07): The first thing I want to make very clear is this: A lot of negative SEO—most of the attacks I get called in to look at—are self-inflicted. They hired a less-than-desirable link builder. They had a crappy link strategy. Their site isn’t optimized. A lot of it is self-sabotage. The instances where I see true attacks happen tend to come through an entity poisoning vector. Someone undermines who you are and your entire brand. They say it’s something else. It’s that decoupling of your brand. And the big thing a lot of people don’t understand is: anything you can do to move a business up in rankings can also be done to move a business down in rankings. It’s all about the implementation. James Dooley (3:09): Yeah, for sure. Entity recognition is so important nowadays—brand is key. And if someone’s disambiguating against the brand and trying to make out you’re somebody else… I can see why that would bring them down.

Because everyone is trying to do the opposite now: repeat who you are, repeat what you do, repeat why you’re great.

So if someone’s doing the opposite, your clarity and confidence score drops. But what can people do about it? Let’s say I’ve built a strong brand for 10 years: positive brand SERP, positive reviews, testimonials, case studies—then someone comes after me trying to take me down. How can I defend against that? Brian Kato (4:14):

First thing we recommend is: understand what your baseline looks like—what “normal” looks like.

A true attack is usually coordinated and calculated. It’s not just throwing a bunch of crappy links at something—Google largely disregards that. But if you’re attacking the entity, the knowledge panel, if you’re disambiguating / ambiguating the entity—those can be attack vectors.

Another thing I see: review bombing.

People leave false reviews. And then there’s another one that crosses into self-sabotage—canonicals. A lot of sites don’t have proper canonical setup, and that can open you up for attacks. James Dooley (5:21): Yeah—review bombing is nasty. We’ve seen horrible cases where people leave one-star reviews, then contact via the contact form saying: “I’ve left you these reviews. If you want me to change them to five-star, it’s £50 each.” And you’re just like—how are these sticking? A lot of real reviews get taken down, but these fake one-stars stick. What can someone do? Is it just reaching out to Google and hoping they remove it? Should you respond saying “we don’t have your records” and call it a fake review? Brian Kato (6:23): That “we have no record of working with you” response is the most common response I see. But it doesn’t work well because maybe that’s exactly why they’re leaving a one-star. If I went into a coffee shop and an employee in a branded shirt cut me off in line and gave me the finger… that’s a legitimate one-star review. The terms around reviews are loose. A genuine engagement can qualify. The reviews I see stick most often are just a star rating with no text—because Google has nothing to evaluate. So what we recommend is: Respond in a positive frame—something like: “We’d love feedback on what happened or what we could have done better. We take this seriously.” Then report it. James Dooley (7:56): That makes sense. So outside of entity poisoning and reviews—what about links? Google is pretty good at ignoring spam blasts like blog comments, GSA, Money Robot, etc. But what about when attackers use PBNs and exact match anchors to a money page—something that looks “SEO-normal” but is toxic? Does disavow help? Or does it still affect ranking? Brian Kato (8:44): Honestly, I very rarely disavow anything. In my tenure, I’ve disavowed maybe three or four times. Usually, we just build better links. We look at topical relevance, the semantics around the anchor, and we dilute it with higher-quality signals. Sometimes even if a link is de-indexed or ignored, it can still pass a little juice. But there’s one exception: anything related to CSAM / child exploitation notifications—those get disavowed immediately. James Dooley (9:30): Yeah—so anything extreme like that gets handled instantly. What else can we touch on without giving away your full Vietnam talk? Brian Kato (9:55): One thing I’ll mention is: The worst negative SEO I’ve seen comes from within—and comes from within Google. We’ll leave it at that. Some of the worst cases happen when someone weaponizes the system that’s supposed to help you. James Dooley (10:22): Got it. We’ll leave it there. Brian, it’s been an absolute pleasure. Anyone watching—if you want to understand how you might be self-sabotaging without realizing it, or how certain things inside Google could be harming your site—make sure you get over to SEO Mastery Summit. If you’ve got questions about blackout strategies, virality, CTR manipulation, short clicks, Navboost issues—leave a comment. Me and Brian will respond. There are a lot of blackout strategies at the moment, which annoys me because I think people should win on merit—but it’s part of the game nowadays. Brian, from your cybersecurity background, knows how to defend against a lot of this. It’s been a pleasure and I’ll see you again soon. Brian Kato (11:20): Sounds great. Thanks, James.

Creators & Guests

Host

James Dooley

James Dooley is a UK entrepreneur.