A friend is beta testing IE7 and said its anti-phishing tool reported my counter site as a possible phishing site.
There was an option to report whether or not it is a phishing site, but I'd like to follow it up as well.
Anyone any ideas of some direction I could head in to fire off an email asking what would trip a phishing warning and if there's a way to get my site on a "trusted" list?
cheers :)
I'm thinking that you might have more success by discovering why your site triggers a false positive, and then changing that situation. In addition to dealing with the immediate IE7 issue, this approach could also protect you against other anti-phishing apps that various ISPs and others are developing.
You may gain some insight from the Anti-Phishing White Paper [microsoft.com] that's available.
I somehow doubt that this anti-phishing filter will have a White List associated with it -- that would offer too much chance to game the system.
<edited for spelling>
[edited by: tedster at 12:42 am (utc) on Dec. 3, 2005]
Best Practices
Although there are obviously many aspects of filtering technologies that cannot be publicly disclosed,
Microsoft is encouraging legitimate Web service providers (many of which are small businesses without
the IT resources of larger providers) to follow some simple rules that can help avoid the
“yellow warning button”:
- Certification
If Web site owners intend to ask users for personal information,
they should have secure sockets layer (SSL) certification.
- Security
Legitimate Web site owners should continually make sure
their sites are as secure as possible from outside attacks by
maintaining up-to-date firewalls and installing all necessary
security updates.
- Cross-site scripting attacks
All Web site owners should be protecting themselves by
using anti-cross-site scripting attack tools.
- External content
If a Web site intends to post external or third-party content,
it is recommended that the content be secure and from a
known and trusted source.
So it looks like
1) use https when collecting personal data and
2) make sure you aren't hacked - even by a trusted content partner
Along these lines, a friend's brochure site (hosted by a major company) was hacked this year and a cross-site iframe script was placed on every page and it delivered a trojan to every IE visitor. Stuff happens, and we do need to be vigilant.
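A site owner can check their own pages for the two points summarised above (personal data collected over plain HTTP, and script or iframe content loaded from a host nobody approved). The following is an added example, not code from the thread or from Microsoft, and it does not reproduce the filter's undisclosed logic; the host names, the sample page and the list of "sensitive" input types are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

SENSITIVE_INPUTS = {"password", "email", "tel"}  # input types treated as personal data (assumption)

class PageAudit(HTMLParser):
    """Collects (kind, tag, url) findings for one HTML page."""

    def __init__(self, page_url, trusted_hosts):
        super().__init__()
        self.page_url = page_url
        # The page's own host is always trusted; partners must be listed explicitly.
        self.trusted = set(trusted_hosts) | {urlparse(page_url).hostname}
        self.findings = []
        self._form_action = None  # resolved action of the <form> currently open

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "iframe") and a.get("src"):
            url = urljoin(self.page_url, a["src"])
            if urlparse(url).hostname not in self.trusted:
                self.findings.append(("external-content", tag, url))
        elif tag == "form":
            # An empty or missing action posts back to the page itself.
            self._form_action = urljoin(self.page_url, a.get("action") or "")
        elif tag == "input" and self._form_action:
            if ((a.get("type") or "").lower() in SENSITIVE_INPUTS
                    and urlparse(self._form_action).scheme != "https"):
                self.findings.append(("insecure-form", "form", self._form_action))
                self._form_action = None  # report each form once

    def handle_endtag(self, tag):
        if tag == "form":
            self._form_action = None

def audit(html, page_url, trusted_hosts=()):
    parser = PageAudit(page_url, trusted_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: one approved partner script, one unapproved iframe,
# and a password form that submits over plain HTTP.
SAMPLE = """<html><body>
<script src="/js/site.js"></script>
<script src="https://stats.partner.example/c.js"></script>
<iframe src="http://unknown-host.example/x" width="0" height="0"></iframe>
<form action="/signup"><input type="text" name="nick"><input type="password" name="pw"></form>
</body></html>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, "http://counter.example/index.html", {"stats.partner.example"}):
        print(finding)
```

Run against every page of a site on a schedule, a new "external-content" finding is an early sign of the kind of injected iframe described in the last post.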