My URL used for Phishing attack??!!! Notice from Google...

Avatar
  • Answered
I received an email from Google saying my URL had been used for a Phishing attack. But I can't see any of the folders it is referencing and it doesn't look as if my login has been compromised.
--------------------------------------------
Notice as follows from Google:

Dear site owner or webmaster of **************.net,
We recently discovered that some pages on your site look like a possible phishing attack, in which users are encouraged to give up sensitive information such as login credentials or banking information. We have removed the suspicious URLs from Google.com search results and have begun showing a warning page to users who visit these URLs in certain browsers that receive anti-phishing data from Google.

Below are one or more example URLs on your site which may be part of a phishing attack:

http://www.evanscreative .net/~*****5/Update.Your.Account/05d67a2cb7bfbe395d09f7be859b9761/

Here is a link to a sample warning page:
http://www.google.com/interstitial?url=http%3A//www.**********.net/~*****5/Update.Your.Account/05d67a2cb7bfbe395d09f7be859b9761/
We strongly encourage you to investigate this immediately to protect users who are being directed to a suspected phishing attack being hosted on your web site. Although some sites intentionally host such attacks, in many cases the webmaster is unaware because:

1) the site was compromised
2) the site doesn't monitor for malicious user-contributed content
If your site was compromised, it's important to not only remove the content involved in the phishing attack, but to also identify and fix the vulnerability that enabled such content to be placed on your site. We suggest contacting your hosting provider if you are unsure of how to proceed.

Once you've secured your site, and removed the content involved in the suspected phishing attack, or if you believe we have made an error and this is not actually a phishing attack, you can request that the warning be removed by visiting
http://www.google.com/safebrowsing/report_error/?tpl=emailer
and reporting an "incorrect forgery alert." We will review this request and take the appropriate actions.

Sincerely,
Google Search Quality Team
Avatar
johnpaulb-imhs1
Hello, Thank you for your Google phishing notice question. If you reviewed your account and the files in question are not there, it may be a false positive. You can report this to Google via the link they provided. Typically, this type of thing occurs by a weak password being compromised, or a website running outdated software/themes/plugins. To be safe, I recommend following the steps in our Website Security guide, that apply to you. Also, I recommend rotating all of your passwords, which is covered in our guide on recovering after a hack. Also, at times Google may have outdated information, based on how often they crawl your site. You can ask them to reconsider crawling your site through Webmaster Tools. If you have any further questions, feel free to post them below. Thank you, John-Paul