Apparently, We’ve Got Phish (Don’t Worry, We Haven’t!)

Urgent site news awaits.

It has come to our attention, through an abuse complained, that a specific article on the blog has been marked as a ‘phishing’ URL by Google.  Obviously, quite concerned, I have immediately investigated this complaint to detect any possible hacking activity that may have compromised part of the site.

I can confirm that the security and integrity of the article mentioned in the Google Security alert is completely intact and safe – as is the rest of the blog and the DPS Computing website.

We work tirelessly, including with third party security consultants to keep our websites and our users safe.

I will not link to the article here, as unfortunately, in doing so, this page will then be marked with a security alert for linking to a so-called ‘phising URL’ however the article is our ‘Facebook Introduces the Brand New App Centre’ article that we published way back in 2012.  This article has not been updated since 2012.  In four years of being published and freely available on the Internet, Google has not marked anything suspicious relating to this article, or indeed our sites in general.

Google has made an error

Don’t worry, you’re safe!  Your security is our top priority – that’s why it’s a topic that we blog about passionately and use social media to raise user awareness of security.  Google’s cocked up unfortunately – branding one of our pages a phishing page.  You’ll see something like this if you attempt to go to the specific article:

The only links on the article mentioned are to Facebook (www.facebook.com) and WordPress (www.wp.com) which are both verified as official websites of their respective companies as well as deemed safe by Google.

The only ‘dynamic’ third party links contained on this article are to Google Adwords – which Google manage and presumably Google think they’re safe.  Any malicious URLs provided as Google Ads are not accepted and/or removed by Google continuously so that they remain safe.

Unfortunately, as many third party tools trust Google implicitly when marking websites or webpages, tools such as McAfee has picked up on Google’s security warning so are unfortunately showing similar messages – although they provide no details regarding the supposed ‘phishing attempt’ (as it doesn’t exist!).

Why has this happened?

There are a number of possible reasons this could have happened:

  1. A malicious complaint could have been made – unfortunately, as a website which promotes user security and warns users of potential threats, how to avoid them and security advice in general we are unfortunately a target for both hackers as well as malicious complaints where third parties attempt to have our sites or pages on our sites taken down on complaints that have no basis.  Unfortunately we have to deal increasingly with malicious complaints.  DPS Computing investigates all complaints promptly, including malicious complaints, and liases with our hosting providers as well as Google and third party security companies.
  2. Google made a mistake – sometimes it happens.  The Google brain brands a website after it cocks up.  Could be a bug, could be a dodgy typo – who knows.  You’d have to ask Google about the reasons why it has happened in this case.  We have submitted a query to Google regarding this error and will update you with any response we receive.

Another reason this could potentially happen is if the website had been hacked or compromised in another way, and malicious content inserted onto the website.  We have undertaken a review of the site and this is not the case in this instance.  We constantly review and bolster our security procedures, policies and methods in conjunction with specialist third party companies.

Finally a reason that this could be displayed on a website is if the website really is trying to phish your details – it could be both published by the webmaster or could indicate that the website has been compromised.  Neither of these apply in this case.

What are you doing about it?

We are working with our domain registrar, hosting company and Google to resolve this issue as soon as possible.  The page in question should be delisted and marked safe in due course – until then, the warning on this page will prevail.

We will be working with the above companies to implement any methods we can to reduce the incidence of such ‘false positives’ and to expedite removal of erroneously marked pages.

Please be aware to ‘real time’ scanning on the article have returned a clean bill of health:

And our ‘PhishTank’ result – which detects phising activity on a webpage shows that there is no phising activity on the article in question:

Thanks for bearing with us.  If you have any questions whatsoever, please feel free to contact me.

Remember – Your Security Is Our Priority

We do everything possible to keep you safe – and will continue to do so to maintain a safe environment across all of our websites.

We also want to take this opportunity to remind our users to keep your security software up to date.  Yes, it makes mistakes – but better to have a few false positives rather than let a few through the net!  However annoying they may be!

Thanks,

DPS David.

DPS David: