Is your site a Phishing site?

[speed]

This morning I received an email from a potential customer saying that when they arrived at the checkout IE7 flagged my site as a phishing site.

Needless to say they headed the warnings and didn't pay.

I've installed IE7 RC1 on a clean install of Windows XP and tested the site, sure enough IE7 RC1 declares it as a potential phishing site.

I've checked others of my sites that are using the exact same checkout and they have not been flagged as phishing, so it's not a coding problem. I've also looked at a few friends sites and low and behold some of them are also showing as phishing sites, like me they were completely unaware of their sites as being flagged.

I know for sure that I've lost one customer today and while IE7 is only a release candidate the number of people using it should be low, however once it is released it will be an automatic update for SP2 users as I understand it, therefore how many customers will I loose.

Not to forget the potential damage to my sites and my reputation.

I've reported the mistake to MS but so far no word.

Have you checked your sites in IE7 with the phishing filter enabled, if not I would?

Does anyone know how to avoid a site being flagged?

[aviator67]

From the phishing filter help:
-------------------------------
If you believe that a website has been mistakenly flagged as a phishing site, do the following:

To report errors to Microsoft

In Internet Explorer, go to the website that is inaccurately being reported as a phishing website.
Click the Tools button, click Phishing Filter, and then click Report This Website.
Use the webpage that is displayed to report the error.

[speed]

Thanks, however Microsoft removed the incorrect designation, I’ve received their emails confirmation emails a few minutes ago.

My biggest concern though is if you don't check your sites you don't know you have a nice big window stamped on it saying "Suspicious website ..... Microsoft recommends that you do not give any of your information to such websites".

As it appears anyone can vote against your site and as you get no warning of it, there’s now another job of periodically checking to see if your site is/is not on the black list. Worst of all you seem to have to go page by page to find if the site is flagged.

In my case it was a payment page that was flagged not the rest of the site, therefore a cursory look would not have revealed the problem.

[remccain]

Quote:

Originally Posted by speed

As it appears anyone can vote against your site and as you get no warning of it, there’s now another job of periodically checking to see if your site is/is not on the black list. Worst of all you seem to have to go page by page to find if the site is flagged.

That's just nuts. You mean *ANYONE* can flag *ANY* site as a phishing site and it warns everyone using MSIE 7?

Oh... wow...

Bwahahahahaaaaaa!

My competitors are going to lose *SO* much business >:)

Seriously though, does anyone else think that this 'feature' of MSIE is a bad thing?

[Siruis]

Only one thing left to do.
Everyone vote against MSN.com :)

[geotex]

Here is a link to microsoft to get a white paper on what and how (more or less) the Phishing Filter works.
www.microsoft.com/downloads/details.aspx?familyid=B4022C66-99BC-4A30-9ECC-8BDEFCF0501D&displaylang=en

[ManagedLinks]

this is typical of microsoft they only know how to do things badly.

Hotmail uses a similar user vote system, the stupidity is if your email is incorrectly flagged as possible spam and then the user empties the junk mail folder their system asks "report all items as spam?" which most users will do without bothering to actually check each email. hell its in the spam folder so it must be spam.

This becomes a vote against your site.

I had long discussion with staff about this problem they are totally unable to comprehend the problem mainly because they are like most support staff totally clueless. and if the boffins say its ok what would a stupid website owner know.

They assured me their system was flawless, and at exactly the same time could not explain to me why my emails continue to go to the junkmail folder even though they saw no errors with my mail system including the spf records they requested I implemented.

In other words microsoft doesnt have a clue. the trend continues

Vote with your feet people.

[Skywoolf]

Personally I would encourage all sites to start blocking access to IE and say why (poor security, non-www standards problems, damage to business, etc.)

It is about time people stopped being bullied (conned) by microsoft. There has been far too many problems caused by IE that are damaging to web sites and users.

[jambadeaux]

Here my understanding and intenions.

Rightfully so Microsoft doesn't like the bad guys. And it seems they have good intenions with the philosophy, "don't trust anyone further than you can throw them". That's all great, but I don't think they wlll fix the problem until they start having to defend themselves. Generally I don't even us IE but I intend to get this IE7 and vote against Microsoft. Even though for all intensive purposes I think their intentions are good, they just have to figure out a better way to accomplish their goals.

[Clint1]

I smell yet another Class-Action Lawsuit against the "geniuses" at M$ because of this. I for one will START the Lawsuit if IE7 is erroneously tagging any of my sites.

I, like most everyone else here is appalled by these scamming type sites and I think they (along with spammers) should get the "death penalty". I applaud the M$ "effort" to do something about it, but this is NOT THE WAY; harming the businesses and livelihoods of legitimate businesses.

I'm going to have someone using IE7 check my sites ASAP. Thanks for the post.

[JamesE]

I am a "reader" rather than an expert but I wonder could IE7 be used to report Microsoft sites as phishing sites and unsafe?

[Skywoolf]

Some of their ideas would be good but most are badly produced, full of bugs and glitches, not properly thought out and then cause huge problems because almost everyone believes the hype and uses MS software.

[Clint1]

Quote:

Originally Posted by JamesE

I am a "reader" rather than an expert but I wonder could IE7 be used to report Microsoft sites as phishing sites and unsafe?

Hee hee. :-) Good point. It depends on to where this "alleged phishing report" information is sent. Since (I assume) it's reported to M$, they wouldn't care. Here's yet another example of "with great power comes great responsibility" and M$ like Google is the most irresponsible atrocities on the internet. Who the hell made them "official internet police"??? I'm ALL FOR some type of internet policing, but NOT by M$! This issue proves why. It should be done by some national or even international recognized body whom are experts in the field, and who would not slander the names and businesses of good legit people in the process.

[speed]

Quote:

Originally Posted by Clint1

I'm going to have someone using IE7 check my sites ASAP. Thanks for the post.

When you do, make sure that they visit all pages of the site and go entirely through your checkout and so on.

To reiterate in all the sites I've found so far, both mine and friends, a quick look revealed nothing it is only specific pages that trigger the filter.

In the case of one of my directories:

• You navigate to the category to submit to
• You enter your sites URL
• You enter the listing details and your billing information and submit it.

So far 2 forms collecting information and no phishing warnings from IE7.

Finally you are shown a link to go to PayPal to pay and some information about payment. It's at this final page the phishing filter triggered to tell my customers not to give any information. Reading the whitepaper it is probably because we’re sending data to a 3rd party site.

If there was a way to automate this testing or at the very least something to tell you if a site was at risk then that would save hours of checking but as it stands I see site owners needing to check their sites every few weeks.

As of this morning my sites no longer trigger the phishing filter, so at least it seems once you know you’re flagged you can get it sorted fairly quickly. Having said that I do wonder how long it will take them to correct issues when IE7 is in full use.

[Skywoolf]

Even if you can, after all that effort every few weeks, get your site off the list there will be hundreds of thousands of sites losing money directly due another MS screwup.

I think I might put a warning on my sites to beware of false and damaging information given by IE7.

[speed]

Ah but in the IE7 help it says beware of sites showing this type of information! It's a loose loose situation.

[Clint1]

Quote:

Originally Posted by speed

Quote:

When you do, make sure that they visit all pages of the site and go entirely through your checkout and so on.

To reiterate in all the sites I've found so far, both mine and friends, a quick look revealed nothing it is only specific pages that trigger the filter.

In the case of one of my directories:

• You navigate to the category to submit to
• You enter your sites URL
• You enter the listing details and your billing information and submit it.

So far 2 forms collecting information and no phishing warnings from IE7.

Finally you are shown a link to go to PayPal to pay and some information about payment. It's at this final page the phishing filter triggered to tell my customers not to give any information. Reading the whitepaper it is probably because we’re sending data to a 3rd party site.

If there was a way to automate this testing or at the very least something to tell you if a site was at risk then that would save hours of checking but as it stands I see site owners needing to check their sites every few weeks.

As of this morning my sites no longer trigger the phishing filter, so at least it seems once you know you’re flagged you can get it sorted fairly quickly. Having said that I do wonder how long it will take them to correct issues when IE7 is in full use.

Oh my, my shopping cart is my own, but my checkout is PayPal!!! I don't know if I can find someone to check ALL of my pages and I'm not about to install that POS on any of my PC's.

PayPal is only on my final checkout page, after the shopping cart is populated on the cart page and you click to checkout.

Could you possibly post, or PM me the pages that are triggering the filter from your site? There must be a commonalty between them, may not be PayPal related. I don't have PayPal links on any of my pages, just "Add to cart" and "View cart" buttons (which go to the cart page).

How exactly did you get this sorted out, what address or phone # did you contact?
Thanks.

[speed]

Quote:

Originally Posted by Clint1

Oh my, my shopping cart is my own, but my checkout is PayPal!!! I don't know if I can find someone to check ALL of my pages and I'm not about to install that POS on any of my PC's.

We to have our own cart from which we build e-commerce sites for our clients, so far trawling through my client sites non of them seem to have been flagged.

Quote:

Could you possibly post, or PM me the pages that are triggering the filter from your site? There must be a commonalty between them, may not be PayPal related. I don't have PayPal links on any of my pages, just "Add to cart" and "View cart" buttons (which go to the cart page).

I have 2 directories using the exact same script with the exact same payment page, one was flagged the other wasn't. Both directories are on the same IP of the same server. The only difference is the skin.

The other of my sites was a login form, when my customers login to download software they have purchased.

Quote:

How exactly did you get this sorted out, what address or phone # did you contact?
Thanks.

You have to install IE7 RC1, you navigate around your site until you get the warning popup then go: Tools > Phishing Filter > Report this Website, complete the form as the site owner.

If and only if, as far as I can tell, you do this from a flagged page will you get the option to say you are the site owner and Microsoft have got it wrong.

As a side note, if you install IE7 make sure you keep a copy of IE6 somewhere as you’ll need both for checking the site layout as they don’t work quite the same.

[PARoss]

Firefox release 2 also has anti-phishing protection -- http://www.mozilla.org/projects/bonecho/anti-phishing/.

Also, Thunderbird regularly identifies the email I receive from WebProWorld as spam. I suspect the two things are related.

Phil

[speed]

I'm sure we'll see more applications with phishing protection in, should be fun testing all site in all of them.

There needs to be an equivalent to dnsstuff.com which checks your site against all the lists, or general users need more education on what the warning mean so that they don't just run away.

[Clint1]

Quote:

Originally Posted by speed

Ah but in the IE7 help it says beware of sites showing this type of information! It's a loose loose situation.

You may want to edit that to "lose lose situation". Then I'll delete this post. ;)