 Previously on Search Console Training. The Search Console Security Issues Report shows warnings when Google finds that your site might have been hacked or used in ways that could potentially harm a visitor or their device. When Google detects a security issue on a website, Search Console verified site owners will receive an email alerting them about this issue with a link to more information on how to solve it. Read your emails carefully. It's important that you see these alerts as soon as possible. Welcome back to the two-episode special on security issues in Search Console. In this second part, Aurora will go deeper into hacking and social engineering. Enjoy! There are many different types of hacks. The most common one is URL injection that can happen through stolen credentials or outdated software. Once hackers gain unauthorized access to the CMS or the hosting service of a website, they can remove, modify or add content, steal user data or exploit the reputation of the website for their own commercial purposes. I'll focus on three forms of hacking through injection of URLs, content or code. Injections usually result in harming the user experience and trust damaging the reputation of the website. URL injection happens when a hacker creates new pages on a site containing spammy links. These links redirect users to other sites. Content injection happens when a hacker adds unrelated content to a site's pages, such as spammy keywords or gibberish text. Code injection happens when a hacker injects code to a website to change its behavior, for example, by sending spammy emails. Typically, hackers take control of a website in one of these ways. By gaining access to an insecure directory on a server, for example, you may have forgotten about a directory that has open permissions. By exploiting a vulnerability in a software running on a site, such as a content management system, for instance, you might be running an older, insecure version of your CMS. By hacking third-party applications, such as plugins or widgets on a site. Wow, so a lot of security issues come from outdated software and bad credential management? Yes. Hackers usually look for technical signals to assess if a website is well protected or not. If they see that a website is running an outdated version, they might exploit a known vulnerability. Hmm, I'm going to check if I need all those plugins if they're really updated. Wait, I haven't told you about social engineering yet. Social engineering? Social engineering tricks users into doing something dangerous online, such as revealing confidential information or downloading malicious software. Phishing is an example of social engineering. Google Safe Browsing protects users by warning them before they visit deceptive websites or download harmful files. If Google Safe Browsing detects that your website has deceptive content, the Chrome browser may display a deceptive site ahead warning when visitors click to access your site. To learn more about Google's work in this field, check the Safe Browsing and Transparency Report links in the video description. Search Console will alert you by email if we think any of the pages on your site contain social engineering content. But take a quick look at your security issues report once in a while just to be on the safe side. Pun intended. Some examples of social engineering are deceptive content. Your site tries to trick visitors into doing something they'd only do for a trusted entity. For example, sharing a password or a credit card number. Deceptive ads. Your site contains ads that falsely claim that device software is out of date, prompting users into installing unwanted software. Since deceptive content makes you believe that it is the original source, it may try to trick you into sharing your sensitive data. But I don't fall for those tricks. You may not fall for obvious phishing attacks. But deceptive content such as fake download buttons may try to trick you to download malware. In addition to social engineering warnings, we also report on other security issues. So come on downloads. Your site offers a download that Google Safe browsing hasn't seen before. Chrome may warn those who downloaded that it could be dangerous. These warnings are lifted automatically if Google Safe browsing verifies that the files are safe. Harmful downloads. Your site offers users a download that Google Safe browsing thinks is either malware or unwanted software. Browsers such as Chrome may show a warning when a user visits your site. To remove this warning, you must remove the links to harmful sites. Unclear mobile billing. Your site is not sufficiently informing users about mobile charges. Chrome may display a warning before the user loads a page that incurs in these charges. Malware. Your site has been infected by or is hosting malware from a hacker. This can be software, a mobile application, or a script specifically designed to harm a device when a user knowingly or unknowingly installs it. You can find out more about malware issues and how to fix them in the assessing malware documentation linked in the description. So, remember, pay attention to the security issues reported in Search Console. It may contain important information regarding the security of your site and your users. And as a user, beware of social engineering. Pay attention to warnings and don't fall for deceptive content and harmful downloads. Thank you so much for helping us understand more about security, Aurora. And before you forget, subscribe to the YouTube Google Webmaster's channel to watch more videos on Search Console. Stay tuned. No, it's not like that. It's... Stay tuned.