How to Report a Phishing or Scam Website to Google

Encountering a phishing website or a scam targeting your brand is a major security risk. For webmasters and SEO professionals, these malicious sites can damage your brand's reputation and even lead to your own site being flagged if the scammers are using your assets. Reporting these sites to the Google Search web application is the fastest way to protect the community and have the malicious domain blacklisted via Google Safe Browsing.

Here are the official, most effective channels to report various types of malicious online activity directly to Google.

1. Reporting Phishing (Credential Theft)

If you find a website designed to look like a legitimate login page (e.g., a fake banking portal or a fake Google login) to steal usernames and passwords, use the dedicated Safe Browsing report tool.

• The Tool: Google Safe Browsing Report Phish
• Why it matters: Once verified, Google will display a red warning page to Chrome users, preventing them from accessing the site. This also impacts the site's SEO, effectively removing it from search results.

2. Reporting Malware and Malicious Software

If a website is automatically downloading software or hosting viruses, it should be reported as a malware threat.

• The Tool: Report Malicious Software
• Technical Tip: Provide the specific URL of the download if possible, as this helps Google’s automated crawlers identify the exact payload.

3. Reporting Search Engine Scams (Webspam)

Sometimes a scam website doesn't host a virus but uses deceptive SEO techniques (cloaking, sneaky redirects, or doorway pages) to trick users into a scam. This is considered Webspam.

1. Log into Google Search Console.
2. Navigate to the Spam Report page.
3. Select the type of spam (e.g., "Deceptive content" or "Paid links").
4. Include a screenshot and a description of how the site is violating Google Webmaster Guidelines.

4. Reporting Scams on Google Advertisements

If you see a scam appearing as a "Sponsored" result at the top of the search engine results page (SERP), reporting the organic result isn't enough; you must report the ad account.

• Click the three vertical dots (Ad Settings) next to the sponsored URL.
• Select "Report Ad".
• Choose "An ad that violates other Google Ads policies" > "Scams/Unreliable Claims."

5. Reporting Trademark and Copyright Infringement (DMCA)

If a scammer is impersonating your business by stealing your logo, text, and web application design, you should file a legal request to have the content removed from Google's index.

• The Tool: Google Legal Help - Content Removal
• SEO Impact: A successful DMCA takedown ensures the scammer cannot outrank your official site using your own content.

6. What Happens After You Report?

When a webmaster submits a report, Google’s automated systems and manual review teams analyze the site. If it violates policies:

• The site is added to the Safe Browsing List (blocking it in Chrome, Firefox, and Safari).
• The site receives a Manual Action in their Search Console (if they have it).
• The domain is de-indexed, meaning it will no longer appear in the Google Search results.

Conclusion

Reporting a scam is an essential part of SEO maintenance and cybersecurity. By using the correct Google reporting tools, you help keep the web application ecosystem safe for everyone. Whether it's a phishing link in an email or a deceptive search result, taking five minutes to report these sites helps Google’s algorithms learn and prevent similar scams from ranking in the future.