Your Site Looks Fine… Until Google Crawls It: How Cloaked Hacks Wreck SEO

By Sheldon Poon, published on

summarize in ChatGPT summarize in Perplexity
  1. Home / 
  2. Blog / 
  3. Story / 
  4. Article


"Why is our Google listing in Turkish?"

While I was on a call with a client, I got a question out of left field: "Why is our Google listing in Turkish?"

.... I'm sorry, come again?

I had to pull up another window to confirm what the client was saying and there it was in black and white. The listing showed my client's URL but the title and description were clearly in another language.

I was completely caught off guard but told them I would figure out what the issue was.I ended up coming across a completely new hack that I had never heard of before, let alone seen before.

Most website problems are obvious.

A page breaks. A form stops submitting. The site goes down and everyone notices.

This one was the opposite.

The website looked totally normal to real visitors, but Google was seeing something else entirely. And the “something else” was… Turkish sports betting content. Awesome.

The Symptom: A Weird Google Search Snippet

The issue showed up in Google search results, not on the website itself.

The brand name looked fine, but the text underneath (the snippet) was wrong. Not “slightly inaccurate” wrong. More like “why is my climbing gym being advertised as a betting site?” wrong.

That’s usually your first clue that this is not a normal SEO problem.

Why It Was Hard to Diagnose

We couldn’t immediately confirm what Google was indexing because Google Search Console wasn’t set up yet.

Search Console is basically your direct line into what Google thinks your site is, what it’s indexing, and what’s going wrong.

So step one was simple: get Search Console configured, verified, and collecting data.

Once it was live, we ran a URL Inspection live test on the homepage to see what Google was actually picking up.

That’s when the “ohhh… ok” moment happened.

The Root Cause: The Site Was Compromised

The site had been hacked in a way that’s designed to avoid detection.

Here’s what we found (high level, no “how to hack your client” tutorial here):

  • Attackers injected server-side behavior so Google crawlers were redirected to malicious content.
  • That malicious content lived on the server (not just a weird meta tag).
  • Regular visitors who typed the domain into their browser saw the real site, which is why it looked normal.

This is a classic cloaking-style compromise: show the “clean” site to humans, show the spam to Google.

If you’ve ever felt gaslit by a website bug, this is the cybersecurity version of that.

Why AMP Made It Worse

In this case, the hacked content was being served through the AMP version of the site.

AMP is one of those things that can be harmless when it’s properly configured and monitored, but it can also become the “side door” attackers love because:

  • it’s often forgotten about,
  • it sometimes runs on different templates or routes,
  • and site owners rarely check what Google sees there.

So yes, your site can look fine while your AMP version is a dumpster fire.

The Fix: Remove, Verify, Reindex

Once we confirmed what was happening, we took a three-step approach:

1) Remove malicious server files and behavior
We cleaned out the compromised artifacts so the server stopped presenting spam content to Google.

2) Confirm the real content was restored in Search Console
We re-ran the live inspection test and verified that Google could see the proper homepage again.

3) Request reindexing
This tells Google, “Hey, we fixed it. Come re-crawl this now.”

At that point, the core problem is solved, but Google still needs time to refresh the public search result snippet.

How Long Until Google Fixes the Listing?

Usually a few days.

Sometimes faster, sometimes slower, depending on crawl frequency and how quickly Google reprocesses the changes.

The key point: once the source is clean and reindexed, the snippet typically corrects itself without any extra “manual text edits.”

What You Should Do If This Happens to You

If your Google snippet looks hacked but your site looks normal, do this:

  • Set up Google Search Console (or check it immediately if it already exists)
  • Run a live URL inspection on the page that looks wrong in search
  • Look for signs Google is being served different content than a normal browser
  • Assume it’s security-related until proven otherwise

And then get someone technical involved quickly, because this is not a “change the meta description” situation.

The Bigger Lesson

This is why we’re big believers in monitoring and maintenance, even for “simple” websites.

Not because it’s fun. Because attackers don’t care if your site is big or small. They care if it’s easy.

If Google is indexing spam under your brand name, that’s not just embarrassing. It can hurt:

  • organic traffic
  • brand trust
  • ad performance
  • and overall visibility

Basically, it’s an SEO problem caused by a security problem.

Want Us to Check Yours?

If something looks off in your Google results, send it to us. We can usually confirm what’s happening fast using Search Console and a few verification checks, and then take the right action from there.

We make data look good

Free Consultation
  • Share:

Looking to
grow your business?

Feel Free to Contact Us

4010 rue Notre-Dame O
Montreal, Quebec Canada, H4C 1R1

514-664-1213
855-811-6012
[email protected]

© 2022 Drive Marketing