What happens if my site is flagged as a phishing site by my customer’s corporate security team?
If one of your sites has been incorrectly flagged as a phishing site by your customer’s corporate security team, the Aleyant team will likely be the first to notify you of such an event. These flags can happen for various reasons, but the most common “triggers” are the following:
- Use of your client’s company’s logo on the site
- Use of your client company’s name in the site URL
- Use of any other intellectual property belonging to your client
We understand that the flag is most likely false. Often these reports come from automated processes these companies have in place to find such sites. This is common for any site builds you do for banks, investment firms, or other financial institutions, but it can happen for any company you do business with. Many times the reports are automated and are only vetted by an actual person for accuracy after we report back that the site was incorrectly flagged. It’s common for larger corporations to contract this security service to outside vendors, so it may not even be your client’s internal security team creating the flag but the security vendor they use. Additionally, more and more security firms and watchdog groups are keeping an eye out for potential "bad actors" on the internet and contributing to flagging certain sites as suspected of phishing activity. Security firms are focusing more and more on end-user privacy and data security.
Regardless of the source, the claim is vetted by our data center's security team; if it falls into one of the categories mentioned above (using the bank's name in the URL or using their logo, for example), the site is flagged and our security team is notified. Once the site has been flagged for phishing, time is of the essence to get this resolved in a manner that doesn’t affect normal use of the site for you and your clients. As the host for your sites, we’re typically given 24 hours to comply with a take-down request or submit a report of a false phishing claim. If a report comes in during the early hours of a workday (12 AM – 6 AM), you may find you have less than 24 hours to get this resolved once you’ve started your day.
Steps to remove this flag:
- The quickest and best way to remove this flag is to submit a letter proving you have a standing business relationship with your client and that you have created the site with their permission. The letter needs to be signed and dated by you (the Pressero subscriber) and by your client, and must include your main contact’s name, title, and best way to reach them (typically a phone number and email). If you can get this letter on your client’s letterhead, it helps!
- Scan the signed letter and send it back to us as soon as possible.
- If you’re unable to provide us the letter of proof within the time span we’re given to comply, we may have to temporarily make your site unavailable until the letter has been reviewed and approved.
- We will also forward you the report we received so that you can send it to your contact and have them help get it resolved from their side.
How to avoid getting flagged for phishing:
- Avoid using any intellectual property belonging to your client, including logos and company names, in the following areas:
  - Logo file names (example: acme corp.jpg)
  - Domain URLs
  - Any SEO tags
- If you must use their logo or name, inquire about their documented intellectual property use requirements (such as how far any other items must be kept from the logo itself). Understand that some clients are very particular about how their logos are used.
- Get on your client’s approved vendors list, if one exists. Typically, these are shared with their security team to prevent such false flags from happening.
- Have a letter already on hand that states you and your client have a working business relationship and that you've created the site for their use in ordering printing products from you. We've created an example of this letter below that you can use as a template.
- If you’re creating a site as a demo site for a client you’re trying to win business from, make sure your demo site doesn’t include their branding, until you have an established business relationship with them.
The goal in avoidance is to keep the site as generic as possible while still keeping it branded.
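Because the trigger list above is mechanical (brand terms in the domain, logo file names and SEO tags), it can be checked before a site goes live. The script below is an added example, not Aleyant’s or Pressero’s code; the brand term, the sample storefront page and the example.com site URL are constructed for illustration.

```python
"""Pre-launch brand-exposure lint: added example, not Aleyant/Pressero code.
Covers the article's triggers (domain, logo file names, SEO tags); sample data is constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

def _normalize(text):
    # Keep only lower-case letters/digits: "Acme Corp", "acme-corp" and "acme_corp.jpg" all become "acmecorp".
    return re.sub(r"[^a-z0-9]", "", text.lower())

class _SeoAndAssetScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.fields, self._in_title = [], False  # (location, value) pairs a detector would inspect

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "img" and a.get("src"):
            self.fields.append(("image file name", a["src"].rsplit("/", 1)[-1]))
        elif tag == "meta" and a.get("name", "").lower() in ("description", "keywords"):
            self.fields.append((f"meta {a['name'].lower()}", a.get("content", "")))
        elif tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.fields.append(("title tag", data.strip()))

def find_brand_exposure(site_url, html, brand_terms):
    """Return (location, value) for every checked field that contains a client brand term."""
    scanner = _SeoAndAssetScanner()
    scanner.feed(html)
    fields = [("domain", urlparse(site_url).hostname or "")] + scanner.fields
    terms = [_normalize(t) for t in brand_terms if _normalize(t)]
    return [(loc, val) for loc, val in fields if any(t in _normalize(val) for t in terms)]

# Constructed sample storefront that breaks all three rules (description meta is clean).
SAMPLE_URL = "https://acmecorp-orders.example.com/"
SAMPLE_HTML = """<html><head><title>Acme Corp Print Portal</title>
<meta name="description" content="Order business cards and brochures">
<meta name="keywords" content="printing, acme corp, business cards"></head>
<body><img src="/img/acme_corp_logo.png"><img src="/img/hero.jpg"></body></html>"""

if __name__ == "__main__":
    for location, value in find_brand_exposure(SAMPLE_URL, SAMPLE_HTML, ["Acme Corp"]):
        print(f"{location}: {value}")
```

Each line of output is one place to rename, reword or move off the client’s branding before launch; an empty result means none of the three trigger areas carries a brand term.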
What happens if I’m unable to provide proof within the time constraints required?
This doesn’t mean the end for your site. We will have to take the steps of making your site temporarily unavailable and changing the domain used to a different name while this gets resolved. Once you are able to get the signed proof-of-business-relationship letter to us, we’ll work to get it approved and have your site back up shortly after. If we don’t take this step, the resulting consequences will expand to affect all of your sites.
Does this happen often?
This is a very uncommon occurrence, but we want you to have all the tools necessary should you encounter this type of report.
Do you have an example letter or template I can use and share with my client?
Yes! Below is an example of the letter’s verbiage you can use. It’s a good idea to have this letter created, filled out, and signed in advance, so that if there is any question down the road you have it immediately available for quicker resolution.
[client company name]
[12345 Address Rd
City, ST 00000]
To whom it may concern,
RE: [client company name] Business relationship with [Subscriber Company Name]
This letter is to confirm that [client company name] has an active business relationship with [Subscriber Company Name]. We verify that [Subscriber Company Name] has permission to administrate and operate [website URL] on our behalf.
The above-named site is [client company name]’s online ordering portal. [Subscriber Company Name] has set up the site for us and operates it on behalf of [client company name].
Additionally, [Subscriber Company Name] has permission to use [client company name]’s logos, name in the URL, and other necessary IP belonging to [client company name] for the purpose of administrating and operating the above site within the confines of this relationship. The phishing report submitted flagging the above site as a phishing attempt against [client company name] should be considered false and removed as early as possible in order to restore normal operations.
The direct contact at [client company name] responsible for oversight of this relationship is the following: [Full name, Title, email address, and contact telephone number].
Any further questions regarding verification can be forwarded to the above contact at [client company name].