Baffled by tanking Google traffic? Safe Browsing now has better answers

Google has rolled out more detailed explanations for why a site has been labelled as risky to visit by Safe Browsing and better answers for how to fix the problem.

After nearly a decade of Google Safe Browsing, most website operators know what happens if their site has been hijacked; their listing in Google search with Chrome and other browsers that use Safe Browsing get slapped with a malware warning that discourages users to proceed.

Given Google’s dominance of Search, the consequences of that labelling can be dire for traffic. At the same time, Google is in a prime position to tackle malware threats delivered via hijacked websites.

Yet, while these warnings are meant to encourage site owners to fix a malware problem, a recent study by Google of nearly 800,000 hijacked sites found that a significant share of site owners don’t understand why the site was marked as a malware risk and don’t know how to remedy it. For the site owner, that means an extended period of fewer referrals to from Google, and a persistent malware problem that may affect Google’s users.

Site owners can already find some answers by using Google’s Search Console, however it’s likely become more complicated as Google has expanded Safe Browsing beyond outright malware warnings to include sites that have been abused for phishing, and distributing irritating software, such as adware.

To help explain the problem to site owners, Google has come up with what it says are “more specific explanations” for security issues flagged by Safe Browsing that provide more context and detail about what the service has found. The more detailed accounts cover Safe Browsing classifications for malware, deceptive pages, harmful downloads, and uncommon downloads.

“We also offer tailored recommendations for each type of issue, including sample URLs that webmasters can check to identify the source of the issue, as well as specific remediation actions webmasters can take to resolve the issue,” Kelly Hope Harrington from Google’s Safe Browsing Team wrote in a blog post on Wednesday.

This type of help should be useful to all site operators, but in particular for less technical site owners who, in Google’s study, were more likely to have their sites hijacked again even after appearing to have cleaned up a malware problem, only to discover they hadn't resolved the root cause, such as a vulnerable web content management system.

Join the CSO newsletter!

Error: Please check your email address.

Tags online securityLiam TungGoogle trafficKelly Hope Harringtonbrowser securityhijackedCSO AustraliaSafe browsingmalware threatsmalware riskGooglemalware warning

More about Google

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place