Received Phishing Notice from Google. Help?

Avatar
  • updated
  • Answered

Hey, I recently received an email from Google stating this:


We recently discovered that some pages on your site look like a possible phishing attack, in which users are encouraged to give up sensitive information such as login credentials or banking information. We have removed the suspicious URLs from Google.com search results and have begun showing a warning page to users who visit these URLs in certain browsers that receive anti-phishing data from Google.


Below are one or more example URLs on your site which may be part of a phishing attack:


http://www.mercyswar.com/~snehil5/cgibin/image/B_%23A_%23N_%23K_%23I_%23N_%23G/signon.phpsection=72703&reason=&portal=&dltoken=aca1954e8162992e68e5befb5750a62e/?id=3b3315c33d1a92662b3685c808056f82


http://www.mercyswar.com/~snehil5/cgi-bin/image/B_%23A_%23N_%23K_%23I_%23N_%23G/signon.phpsection=72703&reason=&portal=&dltoken=aca1954e8162992e68e5befb5750a62e/login.php?.portal


...


We strongly encourage you to investigate this immediately to protect users who are being directed to a suspected phishing attack being hosted on your web site.


...


If your site was compromised, it's important to not only remove the content involved in the phishing attack, but to also identify and fix the vulnerability that enabled such content to be placed on your site. We suggest contacting your hosting provider if you are unsure of how to proceed.


Once you've secured your site, and removed the content involved in the suspected phishing attack, or if you believe we have made an error and this is not actually a phishing attack, you can request that the warning be removed by visiting


http://www.google.com/safebrowsing/report_error/?tpl=emailer


and reporting an "incorrect forgery alert." We will review this request and take the appropriate actions.


Sincerely,


Google Search Quality Team


I understand from reading other replies on your site that this problem is not a problem with my actual site/URL but with user ~snehil5, as we are on the same server or something?


However, I am still concerned and would like to know what to do in order to remove my own URL from this mess and how I can get this warning removed by Google?


Thanks

Avatar
Scott
Hello, If you are not the user indicated in the link that Google provides, then you are unaffected. Google's detection clumps all users on the server together when it sends out that notification. If you ever get one and you ARE the user identified, it means your site was hacked and phishing information was placed on the site. In that case you will want to visit that link in your account and delete it. Then you will want to take appropriate measures as you would after any hack. Kindest Regards, Scott M