Google Search Console reporting 'Deceptive Pages'

[Kiwi Chris]

I'm not sure that this is necessarily security, although Google thinks it is, but I'm interested to hear if anyone knows what triggers it.

I have a website that's triggered in the last 24 hours (I was on the site last night no problem) a big red warning from Google when you access the URL in Chrome: Deceptive site ahead

In Google Search Console, I'm told the site has deceptive pages, although Google won't give me any sample URLs to figure out where it's happening.

Quote

 

These pages attempt to trick users into doing something dangerous, such as installing unwanted software or revealing personal information. Learn more

When I click for further details, I'm told "Social Engineering Content detected on site ..."

I can't figure out what Google is determining to be 'Social Engineering Content' as the site looks fine in Edge or Firefox (running in Windows Sandbox just to be safe).

Has anyone else had this issue, and if so, do you know what triggers Google to classify a site like this?

[adrian]

@Kiwi Chris - I haven't ever seen this warning, but it sounds potentially something that needs to be taken care of.

Have you seen these info pages?

https://developers.google.com/search/docs/advanced/security/social-engineering
https://www.getastra.com/blog/911/social-engineering-content-detected/
https://software-wikipedia.medium.com/social-engineering-content-detected-on-your-site-how-to-fix-it-238cd3fb9d65
https://www.trendmicro.com/vinfo/pl/security/news/cybercrime-and-digital-threats/google-now-warns-against-social-engineering-content
https://software-wikipedia.medium.com/social-engineering-content-detected-on-your-site-how-to-fix-it-238cd3fb9d65
 

[adrian]

Also, this video: https://www.youtube.com/watch?v=7kcRf3iUgSk

It's horribly put together, but the I wonder if perhaps there is something to the "link to malicious or hacked page" - perhaps a link on your site is linking to an external malicious site?

[Kiwi Chris]

I'm starting to think the issue isn't with the website at all, but possibly the domain, as the webmail subdomain which points to a different IP address, and is managed by the web hosting provider is also flagged as unsafe, so it looks as though Google has blacklisted the entire domain and subdomains.

As of this morning, the mail server for the domain is also blacklisted by Microsoft, and that's a different IP address again.

It's shared hosting, so I wonder whether some dodgy WordPress site on the server has been compromised and started sending out spam resulting in all services from the same provider getting blacklisted.

[philipwids]

Google Safe Browsing services has created this warning message in order to protect its users from browsing unsafe online content. This message usually means that your website is hacked and Google has marked it insecure. These sites are often called phishing or malware sites.

You can visit a page or access a downloaded file that shows a warning. This isn't recommended.

• Visit an unsafe page
• On your computer, open Chrome.
• On the page where you see a warning, click Details.
• Click Visit this unsafe site.
• The page will load.

When you visit an unsafe site, Chrome will try to remove the unsafe content from the page.

The adware behind the fake Deceptive Site Ahead alerts is not an ingenious virus. It cannot install itself. No, it needs your approval to enter. So, it uses a lot of trickery to gain your permission. It usually hitches a ride with other software. So, pay close attention when browsing the Internet, and when downloading/installing software.

 

Edited October 12 by kongondo
Removed suspicious link.