Yesterday I received a rather alarming email from the Google Search Console Team telling me that one of my client web sites had "Social engineering content detected" on it.
I double-checked that the address was really from Google and that the links were really going to Google. Hmm, that didn't sound safe so I immediately browsed the client site and then my browser window promptly smacked me with a big red warning message:
In the Google Search Console there's a link to request a Review of your questioned page, then it asked me to explain why I though a Review was warranted. I explained to Google that the page was coded in 2015, worked perfectly, and that nothing had been injected or changed. Then I waited.
Fortunately, the next morning I received another email from the Google Search Console Team:
I'm all for having Google scan my client web sites then inform me when something looks wrong, infected or deceptive, however in this case their search produced a false positive. As a result it created some amount of fear and panic inside of me, then it took me time to research what Google was inferring, inspect the code, run some tests, and finally convince myself that nothing was wrong at all, and to communicate to Google that a review was warranted.
I'm hopeful that Google cleans up their efforts to detect infected or deceptive web pages, but also reducing the number of false positives that are trigged, because my time is valuable.