IE Phishing Warning - help avoiding a false positive - HTML forum at WebmasterWorld

Forum Moderators: open

Message Too Old, No Replies

IE Phishing Warning - help avoiding a false positive

SEOMike

6:09 pm on Oct 29, 2008 (gmt 0)

I've added a news section to a page on one of my sites. It's an ASP page that pulls industry news from RSS feeds. I think it would be really helpful for my users. For some reason it's triggering the phishing filter on IE7. This isn't good because the page has a section where people sign up for the site. Why is it doing this? How can I avoid it?

I can't have a site saying "Microsoft recommends that you do not give any of your [personal] information to such websites."

tedster

6:36 pm on Oct 29, 2008 (gmt 0)

Here's some information from the Antiphishing white Paper [microsoft.com] that Microsoft published.

Because the yellow warning in the MS Phishing Filter reflects a “maybe,” rather than a “proven,” phishing label, Microsoft believes it is vital that any Web service provider whose site falls into that category has a clear and simple path to resolve any questions...
Site owners can launch a webform that will prompt them for information about their business and their site. For Internet Explorer 7, this webform can be launched through the Tools > Phishing Filter > “Report This Website” menu options in the browser, or from the UI that comes from pressing the yellow or red button in the UI or from the blocked page itself.
This UI is also accessible by right clicking on the status bar on the lower-right corner of the Internet Explorer 7 window.
Once that information is sent, a team of experts at Microsoft will look at the data and decide if there’s a genuine mistake on the part of the filter: a false positive.

[edited by: tedster at 8:14 pm (utc) on Oct. 29, 2008]

SEOMike

7:43 pm on Oct 29, 2008 (gmt 0)

Once that information is sent, a team of experts at Microsoft will look at the data and decide if there’s a genuine mistake on the part of the filter: a false positive.

I clicked on the link to report about the site but nothing happens. Frustrating. I'll have to try on another computer. Also, any idea how long it takes for the "team" to review the submission? I want to put this on my index page but can't afford to run the risk of having a phishing warning on there for a long time.

tedster

8:16 pm on Oct 29, 2008 (gmt 0)

I have no experience with a submission, but it seems to be the best road to take if you can get it to work.

You might also read through the IE Blog Post about the Phishing Filter [blogs.msdn.com] for ideas about why your site is triggering a false positive.

SEOMike

9:19 pm on Oct 29, 2008 (gmt 0)

Thanks for the blog post. Also, the whitepaper mentioned in the blog was helpful.

For posterity:
Microsoft's anti-phishing filter whitepaper. [microsoft.com]

I think this is the part that's getting me:

External content. If a Web site intends to post external or third-party content, it is recommended that the content be secure and from a known and trusted source.

Funny thing is I'm pulling the news from Yahoo's news service. Guess Microsoft doesn't trust them. :)

[edited by: SEOMike at 9:26 pm (utc) on Oct. 29, 2008]

SEOMike

4:41 pm on Oct 31, 2008 (gmt 0)

Changed my news provider to Microsoft's news feed and now I don't trigger the phishing message. How about that.

aliceaod

11:57 am on Feb 26, 2009 (gmt 0)

I got this "suspected" phishing thing from PayPal buttons! I contacted MS right away and they got back to me right away saying it will be 24 hours for the site to come off the "list"...but come on, PayPal "add to cart" buttons?!