In
November,
we announced that Safe Browsing would protect you from social engineering attacks—deceptive
tactics that try to trick you into doing something dangerous, like installing
unwanted software
or
revealing your personal information
(for example, passwords, phone numbers, or credit cards). You may have encountered social
engineering in a deceptive download button, or an image ad that falsely claims your system is out
of date. Today, we're expanding Safe Browsing protection to protect you from such deceptive
embedded content, like social engineering ads.
Consistent with the social engineering policy we announced in November, embedded content (like
ads) on a web page will be considered social engineering when they either:
Pretend to act, or look and feel, like a trusted entity—like your own device or browser,
or the website itself.
Try to trick you into doing something you'd only do for a trusted entity—like sharing a
password or calling tech support.
Below are some examples of deceptive content, shown via ads:
This image claims that your software is out-of-date to trick you into clicking "update".
This image mimics a dialogue from the FLV software developer—but it does not actually
originate from this developer.
These buttons seem like they will produce content that relate to the site (like a TV show or
sports video stream) by mimicking the site's look and feel. They are often not distinguishable
from the rest of the page.
Our fight against unwanted software and social engineering is still just beginning. We'll continue
to improve Google's
Safe Browsing
protection to help more people stay safe online.
Will my site be affected?
If visitors to your web site consistently see social engineering content, Google Safe Browsing may
warn users when they visit the site. If your site is flagged for containing social engineering
content, you should troubleshoot with Search Console. Check out our
social engineering help for webmasters.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],[],[[["\u003cp\u003eGoogle Safe Browsing is expanding protection against social engineering tactics delivered via embedded content, such as deceptive ads.\u003c/p\u003e\n"],["\u003cp\u003eSocial engineering content is defined as deceptive embedded content that impersonates trusted entities or tricks users into performing sensitive actions.\u003c/p\u003e\n"],["\u003cp\u003eWebsites consistently displaying social engineering content may trigger Google Safe Browsing warnings for visitors.\u003c/p\u003e\n"],["\u003cp\u003eWebmasters can utilize Search Console to troubleshoot social engineering flags on their websites and learn how to resolve issues.\u003c/p\u003e\n"]]],["Safe Browsing protection is expanded to combat deceptive embedded content, like social engineering ads. This includes content that mimics trusted entities or tricks users into actions like sharing passwords. Examples include ads falsely claiming outdated software or mimicking a developer's dialogue. Sites displaying such content may trigger Safe Browsing warnings, urging webmasters to troubleshoot via Search Console to resolve these issues. This is part of an ongoing effort to combat social engineering and unwanted software.\n"],null,["# No More Deceptive Download Buttons\n\nTuesday, April 12, 2016\n\n\n*Cross-posted from the\n[Google Security Blog](https://security.googleblog.com/2016/02/no-more-deceptive-download-buttons.html).*\n\n\nIn\n[November](https://googleonlinesecurity.blogspot.com/2015/11/safe-browsing-protection-from-even-more.html),\nwe announced that Safe Browsing would protect you from social engineering attacks---deceptive\ntactics that try to trick you into doing something dangerous, like installing\n[unwanted software](https://www.google.com/about/company/unwanted-software-policy)\nor\n[revealing your personal information](https://googleonlinesecurity.blogspot.com/2010/03/phishing-phree.html)\n(for example, passwords, phone numbers, or credit cards). You may have encountered social\nengineering in a deceptive download button, or an image ad that falsely claims your system is out\nof date. Today, we're expanding Safe Browsing protection to protect you from such deceptive\nembedded content, like social engineering ads.\n\n\nConsistent with the social engineering policy we announced in November, embedded content (like\nads) on a web page will be considered social engineering when they either:\n\n- Pretend to act, or look and feel, like a trusted entity---like your own device or browser, or the website itself.\n- Try to trick you into doing something you'd only do for a trusted entity---like sharing a password or calling tech support.\n\nBelow are some examples of deceptive content, shown via ads:\n\nThis image claims that your software is out-of-date to trick you into clicking \"update\".\n\n\nThis image mimics a dialogue from the FLV software developer---but it does not actually\noriginate from this developer.\n\n\nThese buttons seem like they will produce content that relate to the site (like a TV show or\nsports video stream) by mimicking the site's look and feel. They are often not distinguishable\nfrom the rest of the page.\n\n\nOur fight against unwanted software and social engineering is still just beginning. We'll continue\nto improve Google's\n[Safe Browsing](https://www.google.com/transparencyreport/safebrowsing/)\nprotection to help more people stay safe online.\n\nWill my site be affected?\n-------------------------\n\n\nIf visitors to your web site consistently see social engineering content, Google Safe Browsing may\nwarn users when they visit the site. If your site is flagged for containing social engineering\ncontent, you should troubleshoot with Search Console. Check out our\n[social engineering help for webmasters](/search/docs/monitor-debug/security/social-engineering).\n\nPosted by Lucas Ballard, Safe Browsing Team"]]