Social Engineering (Phishing and Deceptive Sites) - Search Console Help

If Google detects that your website contains social engineering content (content that tricks visitors into doing something dangerous, like revealing confidential information or downloading software), the Chrome browser may display a "Deceptive site ahead" warning when visitors view your site. You can check if any pages on your site are suspected of containing social engineering attacks by visiting the Security Issues report.

Open the Security Issues Report

What is social engineering?

A social engineering attack is when a web user is tricked into doing something dangerous online.

There are different types of social engineering attacks. A phishing site might trick users into revealing their personal information (for example, passwords, phone numbers, or credit cards). Deceptive content, such as an ad that falsely claims that device software is out-of-date, might trick users into installing unwanted software.

A social engineering attack happens when either:

• The content pretends to act, or looks and feels, like a trusted entity — like a browser, operating system, bank, or government.
• The content tries to trick you into doing something you’d only do for a trusted entity — like sharing a password, calling tech support, or downloading software.

Google Safe Browsing protects web users from social engineering by warning users before they see deceptive content. Learn more about social engineering and see examples here.

How is social engineering different from phishing? Phishing is just one type of social engineering attack.

But I don't engage in social engineering!

Deceptive social engineering content may be included via resources embedded in the page, such as images, other third-party components, or ads. Such deceptive content may trick site visitors into downloading unwanted software. 

Google Safe Browsing protects web users from deceptive content by warning users on publisher pages that consistently display social engineering ads. Learn more and see examples here.

Additionally, hackers can take control of innocent sites and use them to host or distribute social engineering content. The hacker could change the content of the site or add additional pages to the site, often with the intent of tricking visitors into parting with personal information such as credit card numbers. You can find out if your site has been identified as a site that hosts or distributes social engineering content by checking the Security Issues report in Search Console.

See our Help for Hacked Sites if you believe that your site has been hacked.

If your site is flagged for containing social engineering content

1. Check in with Search Console. 
   • Verify that you own your site in Search Console and that no new, suspicious owners have been added.
   • Check the Security Issues report to see if your site is listed as engaging in social engineering. Visit some sample flagged URLs listed in the report, but use a computer that's not inside the network that is serving your website (clever hackers can disable their attacks if they think the visitor is a site webmaster).
2. Remove deceptive content. Ensure that none of your site's pages contain deceptive content.
3. Check third-party resources included in your site. Ensure that any ads, images, or other embedded third-party resources on your site's pages are not deceptive.
   • Note that ad networks may rotate the ads shown on your site's pages. You therefore might need to refresh a page a few times before you're able to see any social engineering ads appear.
   • Some ads may appear differently on mobile devices and desktop computers. You can use the Fetch as Google tool to view your site in both mobile and desktop views.
4. Request a review. After you remove all social engineering content from your site, you can request a security review in the Security Issues report. A review can take 2-3 days to complete.

Was this article helpful?