Hacked websites, advertising injections, deceptive download buttons and surreptitious redirects were among the top problems that sent Google’s security team into high alert last year, according to the company’s Webspam Report 2016.

Webspam generally is defined as trickery used to attain search-engine traffic. Tactics may include publishing material about a trending topic, even though the material is totally irrelevant to the website’s subject; nonsense copy loaded with keywords and links (frequently seen in blog comments); or plagiarized content.

Google takes a broader view of webspam. In Google’s universe, webspam comprises not only illicit attempts to improve search ranking, but also anything that compromises the user experience, particularly strategies that are potentially harmful or simply annoy end-users.

With that in mind, the number one source of webspam Google saw last year was hacked websites. According to the webspam report, the volume of compromised sites rose by 32 percent over 2015’s numbers.

“In 2016 we received over 180,000 user-submitted spam reports from around the world,” the report notes. “After carefully checking their validity, we considered 52 percent of those reported sites to be spam.”

Google inserts prominent warnings about hacked sites in search results. (Webmasters receive a notice from the search engine if they’ve verified their sites through Search Console.) The good news? Eighty-four percent of websites that apply for reconsideration after cleaning are reinstated. Google provides a handy guide to help webmasters recover after a hacking episode.

Interestingly, the most common mode of compromising a website for the purpose of inserting webspam isn’t a hard hit — it’s ad injection. Google is working with advertising networks to harden their services so black hats can’t sneak malware in under the radar.

Mobile search is increasing every year. Google noted most search queries now originate on a mobile device. As might be expected, webspam targeting mobile users is increasing incrementally. The most dramatic increase Google saw in 2016 was in “sneaky redirects” that use widgets or ad injection to send mobile users to pages they didn’t intend to visit. Desktop users go one way, and mobile users wind up on a spammy website. Often the redirecting site’s webmaster is unaware of the scheme.

How is Google addressing the webspam problem?

In 2016, “we sent over 9 million messages to webmasters to notify them of webspam issues on their sites,” Search Quality Strategist Michal Wicinski and User Education & Outreach Specialist Kiyotaka Tanaka wrote in a post on Google’s Webmaster Central blog. “We also started providing more security notifications via Google Analytics.

“We performed algorithmic and manual quality checks to ensure that websites with structured data markup meet quality standards,” the post continued. “We took manual action on more than 10,000 sites that did not meet the quality guidelines for inclusion in search features powered by structured data.”