911 Hack Removal

Social Engineering Content Detected (Phishing) – How to fix it?

Updated on: August 31, 2020

Social Engineering Content Detected (Phishing) – How to fix it?

Social Engineering Content Detected

Have you received an E-mail from Google saying that it has detected Social Engineering Content on your website? It might be because some pages on your website are hacked or include malicious third-party resources. These can be ads or pop-ups that might trick users into installing malicious software or giving up confidential information. So to protect your visitors, web browsers like Chrome will give a warning to visitors.

Scan Your Website For Blacklist
Our tool scans 65+ blacklists to check if your website is blacklisted

Here are some warning messages that Google shows when your website is hacked.  You might have received a similar email from Google.

Google’s Safe Browsing systems have detected that some pages on your site might be hacked or might include third party resources such as ads that are designed to trick users into installing malicious software or giving up sensitive information. To protect your site’s visitors, your site has been demoted in Google’s search results and browsers such as Google Chrome now display a warning when users visit your site.

Act now to fix this problem and remove the warning:

1) Identify compromised pages

Check the example URLs in the “Security Issues” page in Search Console. Note that this page displays a list of samples and not an exhaustive list of problematic URLs.

2) Remove the deceptive content

If you’re having trouble identifying and removing all the problematic content on your site, consider restoring an older version of your site. If you have ads on your site, ensure that they are not designed to trick or deceive visitors.

3) Secure your site from any future attacks

Identify and fix any vulnerabilities that caused your site to be compromised. Change passwords for administrative accounts. Consider contacting your hosting service to assist with the issue.

4) Request a security review

Only do this once you’re sure your site is free of problematic content. Include any details or documentation that can help understand the changes made to your site.

Here is a sample of URLs from your site where we detected social engineering content:

http://www.example.com

– An Email from Google Search Console team

What is Social Engineering Content?

Social Engineering is when a user is tricked to click on certain links that takes them to malicious or hacked web pages. Social engineering content hacks play with human psychology rather than technical hacking techniques. For example, you receive a call and the caller pretends to be a bank employee, asking your personal details for a transaction.

Another example of social engineering content is a phishing site – a site which pretends to be the legitimate website but is designed to collect an individual’s personal information, putting user data at risk.

Sometimes, the social engineering is present in the embedded content of your website. In some cases, host webpage gives pop-ups or other redirections to deceptive web pages.

We have also seen cases in which hackers inject suspicious scripts in website files that lead to social engineering content. In such hacks, often, the owner has no idea.

Social Engineering Content
Deceptive popup claiming to help the user update their browser             

Consequences of Social Engineering

  • Your ads will be disapproved by Google, affecting your ad revenue. Here is a detailed blog on how you can fix suspended ads by Google.
  • Your SEO will be affected. Domain rank will fall drastically in organic Google search results.
  • Web browsers will show a warning message to visitors as “deceptive site ahead”.
  • A general loss of hard-earned trust, reputation, and revenue.
Deceptive site ahead
Google Chrome warning for deceptive website

How to Fix the Social Engineering Content Problem

The reasons behind social engineering will be different in each case, and also the fixes. But if your website was working fine before being affected, then any new changes made to the website are likely what have been causing the problems – so restoring these changes could be the solution.

Log your steps and take a backup

Before you start making any changes in the website make sure that you are noting everything in a logging system convenient to you. Not only does this help you keep track of what steps you’ve taken, it will also be handy when you have to submit a detailed report to Google about what you’ve done to resolve the social engineering issue on your website.

Google Webmaster

  • Check the Google Webmaster account of your website and check for any new user profiles that seem suspicious.
  • Check the security issues report in the Webmaster and check if your website is engaged in social engineering. Check the sample flagged URLs in the documentation. For this step, it is recommended to use a device outside the network as hackers disable attacks if they realize the visitor is a website admin.
  • View your website in both mobile and desktop view using the Fetch as Google tool. This will help you to see how Googlebot crawls your webpage.

In-depth Analysis of Website

  • Check for embedded social engineering content on your web pages. Also, make sure that no ads, popups or links redirect to suspicious third-party URLs.
  • Refresh your web pages several times to see if any ad leads to social engineering because ad network rotates the ads displayed on your website.
  • Review each file of your website in detail. Make a note if you find anything suspicious.
  • Analyse the recent changes in your website. Compare the current files with a trusted backup.

There will be detailed documentation links in the email you received from Google that you can refer to while following these steps. Remove any recently modified code or changes in the Google Ads and delete the suspicious pages.

Submit for a Review

Once you’re done cleaning your website, you can submit your website for a review. Our security experts have designed a Request a review template that you can submit to Google Search console team.

Before you submit your report, it is essential to make sure you have thoroughly cleaned your website, as submitting for a review multiple times can do more harm than good. It is recommended that you consult security professionals like Astra to make sure your website is cleaned and back up quickly.

Astra

At Astra, we have a team of dedicated security experts who resolve dozens of such issues daily. Our Engineers will remove malware, suspicious files, scripts and will submit a detailed report to Google on your behalf. We also install Astra Firewall for 24×7 protection because malware has the tendency of coming back. Our firewall ensures that only good traffic is allowed to your website. This way, you know your website will be safe! Take the Astra Demo now!

Check out our Detailed Guide on Website Malware Attacks: Causes, Consequences & Steps to Fix.

Was this post helpful?

Tags: , , , , ,

Naman Rastogi

Naman Rastogi is a Growth hacker and digital marketer at Astra security. Working actively in cybersecurity for more than a year, Naman shares the passion for spreading awareness about cybersecurity amongst netizens. He is a regular reader of anything cybersecurity which he channelizes through the Astra blog.Naman is also a jack of all trade. He is certified in market analytics, content strategy, financial markets and more while working parallelly towards his passion i.e cybersecurity.When not hustling to find newer ways to spread awareness about cybersecurity, he can be found enjoying a game of ping pong or CSGO.
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

1 Comment
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Pooja
Pooja
1 year ago

Great inspiring blog. I am truly impressed with your work and like your writing skills. Thanks for nice sharing.

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include firewall, malware scanner and security audits to protect your site from the
evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany