In November, Google announced that Safe Browsing would protect users from social engineering attacks: deceptive tactics that can trick us into installing unwanted software or revealing personal information such as a password, credit card or any other valuable information. Before getting to the announcement, we would like to explain a few things about social engineering:
Understanding Social Engineering – Phishing and Deceptive Sites
Social engineering is an attack on web users that tricks them into doing something dangerous online. There are two main types: phishing and deceptive content. Phishing sites might trick users into revealing their personal information, while deceptive content, such as an ad, might trick users into installing unwanted software.
Even if you don’t engage in it?
Yes, correct! You need to understand social engineering even if you don’t engage in it, because deceptive social engineering content may be included via images, resources embedded on the page, third-party components, or ads. Such deceptive content may trick site visitors into downloading unwanted software. Google Safe Browsing protects web users from these attacks by warning them on publisher pages that consistently display social engineering ads.
Additionally, hackers can take control of innocent sites and change their content or add pages to them, often with the intent of tricking visitors into parting with personal information such as credit card details.
You can find out if your site has been identified as a distributor of social engineering content by checking the Security Issues report in the Search Console.
Now let’s go back to the Google announcement. The fight against unwanted software and social engineering is just beginning, and Google will keep improving its Safe Browsing protection. Google will warn users when they visit a flagged site, so if your site is flagged for containing social engineering content, take the following steps:
1. Verify in Search Console
Check that you are the only owner of the site in Search Console and that no suspicious owner has been added. Check the Security Issues report to see if your site is listed as engaging in social engineering.
2. Remove deceptive content
Ensure that none of your website’s pages contain deceptive content; if you find any, remove it immediately.
3. Find third-party resources
Ensure that any images, ads, or resources on your site’s pages are not deceptive. Note that ad networks may rotate the ads shown on your site’s pages, so you may need to refresh a page a few times to see whether any social engineering ads appear.
4. Request a review
After removing all social engineering content, you can request a security review in the Security Issues report and then wait for 2-3 days.
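To support step 3, the following added example (not from Google or the original article) lists every resource a page loads from a host other than its own, so each third-party source can be reviewed by hand. The page URL, hosts and HTML are constructed sample values, and treating any different hostname (including your own subdomains) as third-party is an assumption of this sketch.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags and the attribute that makes the browser fetch an external resource.
RESOURCE_ATTRS = {"script": "src", "img": "src", "iframe": "src",
                  "embed": "src", "object": "data", "link": "href"}

class ResourceCollector(HTMLParser):
    """Collects resources whose host differs from the page's own host."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.third_party = defaultdict(set)  # host -> {(tag, absolute_url)}

    def handle_starttag(self, tag, attrs):
        attr = RESOURCE_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        # urljoin resolves relative paths and protocol-relative //host URLs.
        absolute = urljoin(self.page_url, value)
        host = urlparse(absolute).hostname
        # Assumption: exact hostname match decides first- vs third-party.
        if host and host != self.page_host:
            self.third_party[host].add((tag, absolute))

def third_party_resources(page_url, html):
    """Return {host: sorted [(tag, url), ...]} for off-site resources."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    return {h: sorted(items) for h, items in collector.third_party.items()}

# Constructed sample page; all hosts are placeholders.
SAMPLE_URL = "https://www.example.com/articles/post.html"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="//ads.example.net/loader.js"></script>
</head><body>
<img src="images/logo.png">
<img src="https://cdn.example.org/banner.gif">
<iframe src="https://ads.example.net/frame?slot=1"></iframe>
</body></html>"""

if __name__ == "__main__":
    found = third_party_resources(SAMPLE_URL, SAMPLE_HTML)
    for host, items in sorted(found.items()):
        print(host, *[f"\n  <{tag}> {url}" for tag, url in items])
```

Ads injected by a script at load time do not appear in the static HTML, so this inventory shows which hosts to examine, not the ads themselves; refreshing the page in a browser is still needed for rotated ads.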