Social Engineering Content Detected (Phishing) – How to fix it?

Updated: July 10th, 2024

Have you received an email from Google saying that it has detected social engineering content on your website? It might be because some pages on your website are hacked or include malicious third-party resources. These can be ads or pop-ups that might trick users into installing malicious software or giving up confidential information. To protect your visitors, web browsers like Chrome will show them a warning.

Here are some warning messages that Google shows when your website is hacked. You might have received a similar email from Google.

Google’s Safe Browsing systems have detected that some pages on your site might be hacked or might include third party resources such as ads that are designed to trick users into installing malicious software or giving up sensitive information. To protect your site’s visitors, your site has been demoted in Google’s search results and browsers such as Google Chrome now display a warning when users visit your site.

Act now to fix this problem and remove the warning:

1) Identify compromised pages

Check the example URLs in the “Security Issues” page in Search Console. Note that this page displays a list of samples and not an exhaustive list of problematic URLs.

2) Remove the deceptive content

If you’re having trouble identifying and removing all the problematic content on your site, consider restoring an older version of your site. If you have ads on your site, ensure that they are not designed to trick or deceive visitors.

3) Secure your site from any future attacks

Identify and fix any vulnerabilities that caused your site to be compromised. Change passwords for administrative accounts. Consider contacting your hosting service to assist with the issue.

4) Request a security review

Only do this once you’re sure your site is free of problematic content. Include any details or documentation that can help understand the changes made to your site.

Here is a sample of URLs from your site where we detected social engineering content:

http://www.example.com

– An Email from Google Search Console team

What is Social Engineering Content?

Social engineering is when a user is tricked into clicking links that take them to malicious or hacked web pages. Social engineering content plays on human psychology rather than technical hacking techniques. For example, you receive a call and the caller pretends to be a bank employee, asking for your personal details for a transaction.

Another example of social engineering content is a phishing site: a site which pretends to be a legitimate website but is designed to collect an individual’s personal information, putting user data at risk.

Sometimes, the social engineering is present in the embedded content of your website. In some cases, the host webpage shows pop-ups or redirects visitors to deceptive web pages.

We have also seen cases in which hackers inject suspicious scripts into website files that lead to social engineering content. In such hacks, the owner often has no idea.

Deceptive popup claiming to help the user update their browser

Consequences of Social Engineering

  • Your ads will be disapproved by Google, affecting your ad revenue. Here is a detailed blog on how you can fix suspended ads by Google.
  • Your SEO will be affected. Domain rank will fall drastically in organic Google search results.
  • Web browsers will show a warning message to visitors as “deceptive site ahead”.
  • A general loss of hard-earned trust, reputation, and revenue.

Google Chrome warning for deceptive website

How to Fix the Social Engineering Content Problem

The reasons behind social engineering content will be different in each case, and so will the fixes. But if your website was working fine before being affected, then any new changes made to the website are likely what have been causing the problems, so reverting these changes could be the solution.

Log your steps and take a backup

Before you start making any changes to the website, make sure that you are noting everything in a logging system convenient to you. Not only does this help you keep track of what steps you’ve taken, it will also be handy when you have to submit a detailed report to Google about what you’ve done to resolve the social engineering issue on your website.

Google Webmaster

  • Check the Google Webmaster account of your website and check for any new user profiles that seem suspicious.
  • Check the security issues report in the Webmaster account to see if your website is flagged for social engineering. Check the sample flagged URLs in the documentation. For this step, it is recommended to use a device outside your network, as hackers disable attacks if they realize the visitor is a website admin.
  • View your website in both mobile and desktop view using the Fetch as Google tool. This will help you to see how Googlebot crawls your webpage.

In-depth Analysis of Website

  • Check for embedded social engineering content on your web pages. Also, make sure that no ads, popups or links redirect to suspicious third-party URLs.
  • Refresh your web pages several times to see if any ad leads to social engineering, because ad networks rotate the ads displayed on your website.
  • Review each file of your website in detail. Make a note if you find anything suspicious.
  • Analyse the recent changes in your website. Compare the current files with a trusted backup.
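
An added example (not from the original article or Astra's tooling) of the backup comparison described above: it lists files added, removed or modified relative to a trusted backup and, for each changed page or script, the external hosts that the backup copy did not reference. The directory names, file names and `example.org`/`example.net` hosts are constructed sample data.

```python
import filecmp
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# src/href values that point at an absolute or protocol-relative URL.
URL_ATTR = re.compile(r"""(?:src|href)\s*=\s*["']((?:https?:)?//[^"'\s>]+)""", re.I)
TEXT_EXT = {".html", ".htm", ".php", ".js"}

def snapshot(root):
    """Map each file's path relative to root to its full path."""
    return {p.relative_to(root).as_posix(): p for p in Path(root).rglob("*") if p.is_file()}

def external_hosts(path):
    """Hosts referenced through src/href in a page or script file."""
    if path.suffix.lower() not in TEXT_EXT:
        return set()
    urls = URL_ATTR.findall(path.read_text(errors="replace"))
    return {urlparse(u).hostname for u in urls} - {None}

def compare(backup_root, live_root):
    """Diff the live site against a trusted backup; list hosts the backup never referenced."""
    old, new = snapshot(backup_root), snapshot(live_root)
    report = {"added": sorted(new.keys() - old.keys()),
              "removed": sorted(old.keys() - new.keys()),
              "modified": sorted(r for r in new.keys() & old.keys()
                                 if not filecmp.cmp(old[r], new[r], shallow=False)),
              "new_hosts": {}}
    for rel in report["added"] + report["modified"]:
        before = external_hosts(old[rel]) if rel in old else set()
        hosts = external_hosts(new[rel]) - before
        if hosts:
            report["new_hosts"][rel] = sorted(hosts)
    return report

def demo():
    """Compare a constructed backup/live pair (sample data, not from the article)."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        backup.mkdir(); live.mkdir()
        cdn = '<script src="https://cdn.example.org/app.js"></script>'
        (backup / "index.html").write_text(cdn)
        (live / "index.html").write_text(cdn + '<script src="//updates.example.net/b.js"></script>')
        (live / "promo.php").write_text('<iframe src="http://ads.example.net/win"></iframe>')
        return compare(backup, live)

if __name__ == "__main__":
    print(demo())
```

Run `compare()` on a copy of the webroot taken from the server rather than on pages fetched in a browser, so the result does not depend on what the site chooses to serve to an admin. Content stored in a database or injected by an ad network at render time is outside what a file comparison can see.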

The email you received from Google contains links to detailed documentation that you can refer to while following these steps. Remove any recently modified code or changes in Google Ads and delete the suspicious pages.

Submit for a Review

Once you’re done cleaning your website, you can submit it for a review. Our security experts have designed a “Request a review” template that you can submit to the Google Search Console team.

Before you submit your report, it is essential to make sure you have thoroughly cleaned your website, as submitting for a review multiple times can do more harm than good. It is recommended that you consult security professionals like Astra to make sure your website is cleaned and back up quickly.

Use Astra Website Protection

Astra Website firewall ensures that only good traffic is allowed to your website. This way, you know your website will be safe!

Check out our Detailed Guide on Website Malware Attacks: Causes, Consequences & Steps to Fix.