Google & Firefox 2 Anti-Phishing Warning In Action

Last month, I covered a number of ways that browsers and search engines are working together to protect surfers from phishing sites. These are sites pretending to be run by someone else, such as bank, in hopes of catching your personal log-in information.

This week while doing my banking, I got to see a phishing warning actually happen through the Google – Firefox 2 partnership. It was also an incorrect warning, which made the experience even more interesting. Below, a look at what happened when I visited Citibank.

I went to the CitiCards site, which I’ve long used. I typed in the URL, rather than doing a search for it. That meant I was pretty sure I’d hit the right site. Still, watching my browser screen go dark and this message was kind of scary:

Google/Firefox Phishing Warning

I double-checked everything to make sure I hadn’t gone to the wrong place. I hadn’t. So, I tried the "This isn’t a web forgery" option to see what would happen. That got me to this page:

Google/Firefox Phishing Incorrect Warning Report Page

I submitted the information, then got a confirmation page telling me that I’d done my good deed for the day.

What if you were like Citibank, tagged as a phishing site by mistake? There’s a generic report page here that says:

If you believe Google Safe Browsing is warning users of misleading activity on what is actually a safe page, please complete the form below to report the error to our Google Safe Browsing team. They’ll act quickly to address any possible errors. Learn more

Sadly, the "Learn more" link generates an error in Google’s help area. There is a general section on safe browsing here, but I didn’t spot any topics specifically for site owners. If anyone has advice they know of, drop it in the comments below. I’ll also check with Google on this.

Google maintains the master blacklist used by its own toolbar and Firefox. Michael Sutton has a recent and interesting look at it here.

Also see my AOL Has "Safest" Results & Free Results Safer Than Paid  article from last month. It covers a recent survey on the safety of search results plus provides a long list of tools you can try to protect yourself from the major search engines and others.

Related Topics: Channel: Consumer | Search Features: Safety | Toolbars & Add-Ons


About The Author: is a Founding Editor of Search Engine Land. He’s a widely cited authority on search engines and search marketing issues who has covered the space since 1996. Danny also serves as Chief Content Officer for Third Door Media, which publishes Search Engine Land and produces the SMX: Search Marketing Expo conference series. He has a personal blog called Daggle (and keeps his disclosures page there). He can be found on Facebook, Google + and microblogs on Twitter as @dannysullivan.

Connect with the author via: Email | Twitter | Google+ | LinkedIn


Get all the top search stories emailed daily!  


Other ways to share:

Read before commenting! We welcome constructive comments and allow any that meet our common sense criteria. This means being respectful and polite to others. It means providing helpful information that contributes to a story or discussion. It means leaving links only that substantially add further to a discussion. Comments using foul language, being disrespectful to others or otherwise violating what we believe are common sense standards of discussion will be deleted. Comments may also be removed if they are posted from anonymous accounts. You can read more about our comments policy here.
  • yoramn

    The problem with these phishing filters is that they are immature and many Internet fraud attempts can still get through. Gartner agrres with this statement.
    The only solution that can really protect users from scam is a combination of
    1. Phishing filter
    2. Detection of non phishing scam sites
    3. Warning the user before he clicks a link about the potential problems of following the link
    4. Positive identification of good sites and thir owners providing the information to the user in order to help him deciding if it is OK to deal with a site

    There are solutions providing all the above, like CallingID

  • S0crates9

    The best way to address phishing, is to consult with a team that does it. Use the knowledge to create soem sort of heuristics detection along with a database of known “whitelist” sites.

Get Our News, Everywhere!

Daily Email:

Follow Search Engine Land on Twitter @sengineland Like Search Engine Land on Facebook Follow Search Engine Land on Google+ Get the Search Engine Land Feed Connect with Search Engine Land on LinkedIn Check out our Tumblr! See us on Pinterest


Click to watch SMX conference video

Join us at one of our SMX or MarTech events:

United States


Australia & China

Learn more about: SMX | MarTech

Free Daily Search News Recap!

SearchCap is a once-per-day newsletter update - sign up below and get the news delivered to you!



Search Engine Land Periodic Table of SEO Success Factors

Get Your Copy
Read The Full SEO Guide