It’s quite a common black hat SEO practice to insert fake rating rich snippets on doorway pages to make them attract more attention on search result pages and to give them more credibility.
Here is one example of how such fake ratings are being generated:
...$rating = rand(3,5);$rcount = rand(120,220);$txt = "<div itemscope="" itemtype="http://schema.org/Product">n <span itemprop="name">$htitle</span>n <div itemprop="aggregateRating" itemscope="" itemtype="http://schema.org/AggregateRating">n <span itemprop="ratingValue">$rating-5</span> stars based onn <span itemprop="reviewCount">$rcount</span> reviewsn</div>n </div>n";...
As you can see, they aim for ratings like 4-5 stars based on 133 reviews, but both the rating and the number of reviews are just random numbers in the ranges that make them look both plausible (not 5 stars always) and trustworthy (based on at least 120 reviews). Funny, this particular code allows to generate ratings like 5-5 stars 😉
As many other things on the web, you shouldn’t immediately trust anything what you see in Google’s search results. Those rating stars are not a seal of quality from Google. It’s just information provided by sites themselves. Moreover, when you search for cheap prescription drugs, pirated software, luxury replicas or questionable financial services, quite often such ratings in search results are fake, and results lead to doorways on hacked sites.
If your site doesn’t use rich snippets on its pages, but you see them in the Search Appearance/Structured Data section of Google Search Console, this may be a sign of a hack.
It’s one of many examples of SEO poisoning infections that we deal with. We literally remove Gigabytes of spammy doorways from hacked sites every day and if you need a professional help, you can always count on us.