I have got Google message about phishing activity of my website

  • Answered
Dear Mr. Scott

Greetings and I am glad to get your proffesional advise . I have got a google message as you see below about phishing activity.

Dear site owner or webmaster of ethiopiatoursandtravels.net,

We recently discovered that some pages on your site look like a possible phishing attack, in which users are encouraged to give up sensitive information such as login credentials or banking information. We have removed the suspicious URLs from Google.com search results and have begun showing a warning page to users who visit these URLs in certain browsers that receive anti-phishing data from Google.

Below are one or more example URLs on your site which may be part of a phishing attack:

http://www.ethiopiatoursandtravels .net/~f*****d/paypaI.com.ch/web_paypl/websc-login.php
http://www.ethiopiatoursandtravels .net/~f*****d/paypaI.com.ch/web_paypl/websc-login.php?Go=_Restore_Start&_Acess_Tooken=4b8279e4096f0ed2fd0ed6b1dce9fed44b8279e4096f0ed2fd0ed6b1dce9fed4

Here is a link to a sample warning page:

We strongly encourage you to investigate this immediately to protect users who are being directed to a suspected phishing attack being hosted on your web site. Although some sites intentionally host such attacks, in many cases the webmaster is unaware because:

1) the site was compromised
2) the site doesn't monitor for malicious user-contributed content

If your site was compromised, it's important to not only remove the content involved in the phishing attack, but to also identify and fix the vulnerability that enabled such content to be placed on your site. We suggest contacting your hosting provider if you are unsure of how to proceed.

Once you've secured your site, and removed the content involved in the suspected phishing attack, or if you believe we have made an error and this is not actually a phishing attack, you can request that the warning be removed by visiting
and reporting an "incorrect forgery alert." We will review this request and take the appropriate actions.

Google Search Quality Team

Note: if you have an account in Google's Webmaster Tools, you can verify the authenticity of this message by logging into https://www.google.com/webmasters/tools/siteoverview and going to the Message Center, where a warning will appear shortly.

so kindly advise me ,

Hello Dawit,

Thank you for your question on your Google Phishing notice. There are many times when this is a false positive. When Google detects a phishing page on a server, it often broadcasts warnings to all accounts it can find on that server. You can see there is a username for the account in the URL, it starts with a ~. That will be the account you want to check on the server. If that username is not yours, then you do not have to worry about phishing pages being on your server.

By checking your domain name and the username in the URL, I see that you are not one of our customers. You may want to check with your hosting company to see if they can give you any specific information on your server and if the issue has been fixed.

Kindest Regards,
Scott M