And guess what, when Google Sites are used in phishing attacks — and anyone who does any #InfoSec work knows they do, a lot! — somehow the whole sites.google.com domain does not get flagged like that.
When Google Amp is used in phishing attacks — again, not a rare occurrence! — somehow Google Amp domains do not get flagged this way. :thaenkin:
Flagging our site stopped exactly zero attacks. But now we have to send in reports and beg Google to maybe please unblock us.
And why is that?
Because over-blocking a website of small hackerspace is *cheap*. "No downside".
Because "hacker" and "hack" have been appropriated by those too lazy to be specific in their use of language when talking about "computer stuff." Also, it drives clicks!
Result? Some algorithm somewhere sees "hacker" and goes bananas: "danger, Will Robinson!"
So forgive me when in the future I react *badly* to some random toot mislabeling cybercriminals as "hackers".
#FuckGoogle #InfoSec