What is a social engineering attack on a website and how to get rid of?

Mohan Manohar July 7, 2017
0 people like this post

For the past many months, Google giving prominence to the social presence of website and importance to website which are most often than are subject of discussion points in the internet world. Twitter, Facebook, Google+, linked in, Reddit are some of the important social networking tool and Google prefers sites with general and organic followers. Importance of sites are about how people are following it and sending it on social networking websites. There are some small web masters try to get to the short cut to success by moving into some tricks to garner more trends and ore retreats and likes for their articles.

There are some sites which are exclusively built on doing this and then it lead to tricky to visitors in many forms and allure them to do something very dangerous such as revealing their confidential information to the public which leads to massive security breaches for their online contents. There could be some sites which lure into you to download some software by giving warning to you about your computer is hacked or something like that.

If Google sees this trend of these sites continue to do this then it shows n the browser to the warning of that site to use and that caption is like this about deceptive site ahead. If Google finds such site are compelling users to reveal certain details than chrome browser warns the user about deceptive sites. It is a good idea for web masters to check each and every page of their site for deceptive site check by visiting security issues report on Google. You go to webmaster tools, then search console and then security issues and from there check for, whether there are any security issues with your website or not.

If there are no such issues then your site is very safe to be used. Here, we are talking about social engineering attack, when a web user tried different tricks to lure users to do something dangerous such as downloading crapware, installing unwanted software and so on. Social engineering attacks arise out of different types. Phishing sites lure customers to get the money in return of providing bank accounts and other significant classified personal information. They might want to get passwords, credit card details, phone numbers by providing deceptive marketing technologies.

Some website lure you to download some content you look at but when you click on these links that lead to you some other crapware sites or malicious apk download sites. Such sites pretended to present the real information in the guise of false information, do not believe on such sites which demand passwords, credit card detailed information, bank account details and others. Most of Google Chrome browsers operate with Google Safe Browsing which is updated from time to time from Google’s own research as well as from user’s contributions.

Social engineering is a broader concept. Phishing is set at one type of social engineering. There are some advertising hosts which embed social engineering ads and lure customers that way. Google believes it is not right for web masters to host such ads. This is inside the policy violation of embedded social engineering content. Webmasters must not host embedded social engineering contents in their website.
Sometimes, some sites do not hold embedded social engineering contents but lead the users through pop ups and pop under to social engineering embedded contents.

Webmasters should not use these advertising on their website. This also results in policy violation. If these are not removed Google can pose penalty on these sites. Even if webmaster actively not using such techniques but still if these are found on website, Google Safe Browsing always goes on for reporting about these sites and warn users before entering into your website.

In cases of yours innocent sites but still such techniques of social engineering in embedded content are there. Hackers find a shortcut route to enter your hosting and can hack your site and that can make your site inaccessible. It is important to check a security report of Google webmaster tool periodically to check the status of your website.

Fixing the problem:

Suddenly on one day if you find your site is flagged by Google Chrome, Google safe content as harmful website, and when you are not practicing any of these above mentioned practices then it is best to reach Google web master tools. Verify your site’s security there. See the security report there and then verify the contents of some flagged URLs out there. It is important to check it outside your server zones. Most of hackers for disabled verification inside own server. If you find deceptive content inside flagged URLs then remove it. You can use WordPress administration in doing this.

If still there are traces for social engineering embedded inside content. Then check for advertisements and disable it and contact your advertising manager through mainly to rectify it. Some ad networks rotate ads so it is important in order to test website on several web browser and refresh the same page again and again to see whether such embedded content inside ads are there or not. Some ad networks may appear differently on mobile and desktop devices. It is important to use to fetch as google tool in webmaster tools to check exact fetching for website link.

It is important in order to check third party resources that are included inside your website. Most of WordPress website have third party plugins and it is important to check behavior of those plugins or use content delivery network to preserve and safeguard website. Cloudflare CDN users can make their website in attack mode to under attack mode to immediately check for such codes. After completely clearing all such security issues, you can then request a review of your site once again in Google by going to request a review link on Google.

Prior to review your website again with Google, do remember to complete a few basic tasks with Google. Verified Google webmaster tools or search console. You are dead sure that you clean your site from vandalism done by a hacker. Correct the vulnerabilities of your sites. Make your site which is a clean site now online. Google always crawls clean webpages. Ensure that your pages are clean and all third party plugin and themes are clean. After providing review to Google waits for some time. If your site is approved and now in a wholesome state, always maintain it. Do not allow hardware to intrude your site again.

If your site has not yet been approved by Google, you start the investigation of your site from the beginning. You take the help from the support team of your hosts to correct your site and clean your site and find out the crux of the problem out there.

  • 0
  • 21
Mohan Manohar

Mohan Manohar is a blogger from India who founded Ittech back in 2007. He is passionate about all things tech and knows the Internet and computers like the back of his hand.

Leave your comment

%d bloggers like this: