Understand What Constitutes Phishing
You might not even know that your pages are considered phishing portals. The first thing to ask yourself is which of your pages could be considered phishing. The first red flag is a site that collects personal data but doesn’t use SSL or TLS on its web server. SSL (and now the newer TLS) is enabled by installing a certificate on your web server. The certificate lets you encrypt traffic between your site and the client’s browser, so your site can use HTTPS as the protocol, which protects against eavesdroppers.
Go through your pages and identify any that ask for personal information. If a user lands on such a page over HTTP, they should be redirected to the HTTPS version of the page before entering private information.
Another factor is how you process data. When a user submits a web page form, the browser sends the data with either a POST or a GET action. The GET action sends the data in the URL’s querystring. You’ve probably seen web pages with a question mark and variables appended at the end of the page name. Querystring values look like the following:
Mysite.com/?firstname=james&lastname=brown
The querystring is everything after the question mark. In this example, a user’s first and last name are passed to a processing page. What if the querystring contained a social security or bank account number? This is considered insecure, because querystring values are visible in the address bar and are saved in browser history and web server logs. When hackers use phishing methods, they are generally sloppy in how they set up pages. For this reason, poorly secured or poorly programmed sites are considered suspicious and flagged.
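An added example, not from the original article: a small auditor for the two checks above, forms that ask for personal data on a page or action served over HTTP, and forms that send that data with GET. The field-name hints, the example.com URLs and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed name fragments that mark a field as personal data; extend for your site.
HINTS = ("pass", "ssn", "social", "account", "card", "cvv", "email", "phone")

class FormAuditor(HTMLParser):
    """Records every <form>: method, resolved action URL, sensitive field names."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._cur = page_url, [], None
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # HTML defaults: a missing method means GET, a missing action means this page.
            self._cur = {"method": (a.get("method") or "get").lower(),
                         "action": urljoin(self.page_url, a.get("action", "")),
                         "fields": []}
            self.forms.append(self._cur)
        elif tag in ("input", "select", "textarea") and self._cur is not None:
            name = a.get("name") or a.get("id") or ""
            if a.get("type", "").lower() == "password" or any(h in name.lower() for h in HINTS):
                self._cur["fields"].append(name or "password")
    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def audit_page(page_url, html):
    """Return (action, fields, problems) for each form that collects personal data unsafely."""
    parser = FormAuditor(page_url)
    parser.feed(html)
    findings = []
    for form in parser.forms:
        checks = [(form["method"] not in ("post", "dialog"), "GET puts the values in the querystring"),
                  (urlsplit(page_url).scheme != "https", "page is served over HTTP"),
                  (urlsplit(form["action"]).scheme != "https", "form submits over HTTP")]
        problems = [msg for failed, msg in checks if failed]
        if form["fields"] and problems:
            findings.append((form["action"], form["fields"], problems))
    return findings

# Constructed sample page, not taken from a real site.
SAMPLE = """<form action="/signup"><input name="firstname"><input name="ssn"></form>
<form method="post" action="https://example.com/login"><input type="password" name="pw"></form>
<form method="get" action="/search"><input name="q"></form>"""

if __name__ == "__main__":
    print(audit_page("http://example.com/join", SAMPLE))
```

The search form is not reported because it has no personal-data fields; the login form is reported only while the page that hosts it is loaded over HTTP.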
Another common and much more difficult problem to identify is a hacked site. Hackers who gain access to your site place phishing pages on the domain without your knowledge. This makes it much more difficult to track and identify the phishing page.
You can use a crawler that looks specifically for hacked content. For instance, AWSnap (aw-snap.info/file-viewer/) is one site that crawls specific pages, identifies any suspicious code and gives you suggestions. Another tool is Sucuri.net. This tool also lets you subscribe for a fee and use it to automatically crawl your site at a specific rate. If any suspicious files are found, Sucuri sends you a notification.
If you can’t find the hacked pages, you’ll need to hire a professional. Google won’t remove the warning until any phishing content is removed from your domain.
On rare occasions, your site might be incorrectly flagged. If this is the case, you can request a review and explain. Google also provides this URL for reporting incorrectly flagged sites:
google.com/safebrowsing/report_error/
You should also know that Google has different levels for warnings. The most common form of a phishing notification is “Deceptive site ahead.” The message is displayed in the Chrome and Firefox browsers. If Google believes you host malware, the warning indicates that a site could harm a computer or contains malware.