Need assistance with persistent, incorrect Microsoft Defender phishing warning for legitimate bank website

Anonymous
2025-01-17T22:12:28+00:00

Our company manages the website for ssbcheyenne.bank.

Our website has been incorrectly flagged by Microsoft Defender for phishing, despite being a legitimate .bank domain (which requires strict verification to obtain and maintain).

Technical details:

  • Domain: ssbcheyenne.bank
  • Valid SSL certificate from Let's Encrypt
  • Proper security headers implemented including CSP
  • No mixed content issues
  • Clean malware scans

We have a lot of other websites loading from the same server that are highly similar banking websites, and none of them are having any issues at all.

I have submitted multiple reports through the Microsoft Security Intelligence portal over several months. Each time, I receive an automated response saying to expect feedback soon, but never receive any actual response or resolution.

As a financial institution, this incorrect warning is significantly impacting our customers who use the Edge browser. We meet all security requirements for banking websites and need assistance getting this false positive resolved.

Can someone from the Microsoft Security team please help escalate this issue? I can provide any additional technical verification needed to confirm our site's legitimacy.

Thanks!

Kenny McCune

Megaphone Designs

Microsoft 365 and Office | Microsoft 365 Defender | Other | MacOS

Locked Question. This question was migrated from the Microsoft Support Community.

1 answer

  1. Anonymous
    2025-01-18T00:05:39+00:00

    Dear Kenny McCune,

    Thank you for providing the detailed information about the false phishing warning affecting your website. I understand how this issue impacts your business and customers, and I’d like to help guide you through the next steps to address this.

    Steps to Resolve the Issue:

    1. Reconfirm Submission Through Microsoft Security Intelligence

    • If you haven’t already, visit the Microsoft Security Intelligence submission portal to submit the website as a false positive.

    • Include all relevant technical details (e.g., domain, SSL certificate, security headers, scan results) to strengthen your case.

    2. Contact Microsoft Defender Support

    • Use Microsoft Support for Defender to raise a support request.

    • Specify the domain and provide evidence that it meets all .bank verification standards, has valid SSL certificates, and passes malware scans.

    3. Request Escalation

    • Mention in your communication that this is a verified .bank domain, which undergoes stringent requirements.

    • Include the impact this issue has on your customers and your business reputation as a financial institution.

    4. Verify Edge Browser Settings

    • Suggest affected users add your site to the trusted sites list in Microsoft Edge as a temporary workaround:

    • Go to Settings > Privacy, Search, and Services > Security and add the domain under trusted sites.

    5. Follow Up on Past Submissions

    • Reference the case IDs of previous submissions if available. This helps demonstrate your ongoing effort to resolve the issue.

    6. Provide Detailed Evidence

    • Prepare documentation to validate your site’s compliance:

    • SSL certificate details.

    • Results of clean malware scans.

    • Screenshots of implemented security headers and CSP rules.

    If the issue persists after these steps, escalating directly through your Microsoft business account representative (if applicable) may provide quicker resolution.

    I hope these suggestions help resolve the problem. Let me know if further assistance is needed.

    Best regards,

    Yuki
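For the evidence list in the answer above (certificate details, security headers and CSP), one way to capture it as text instead of screenshots. This is an added example, not part of the original thread; the choice of headers, the host `bank.example` and the sample certificate and headers are constructed assumptions.

```python
import http.client
import socket
import ssl
from datetime import datetime, timezone

# Headers to quote in a false-positive report (this selection is an assumption).
SECURITY_HEADERS = ("strict-transport-security", "content-security-policy",
                    "x-content-type-options", "x-frame-options", "referrer-policy")

def summarize(host, cert, headers, now=None):
    """Build an evidence dict from a getpeercert() dict and (name, value) headers."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    issuer = dict(pair for rdn in cert["issuer"] for pair in rdn)
    lowered = {name.lower(): value for name, value in headers}
    return {
        "host": host,
        "issuer": issuer.get("organizationName", "unknown"),
        "san_dns_names": [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"],
        "days_until_expiry": (expires - now).days,
        "headers_present": {h: lowered[h] for h in SECURITY_HEADERS if h in lowered},
        "headers_missing": [h for h in SECURITY_HEADERS if h not in lowered],
    }

def collect(host, port=443, timeout=10):
    """Live collection: validated TLS handshake, then a HEAD request for the headers."""
    context = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with context.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
    conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=context)
    conn.request("HEAD", "/")
    headers = conn.getresponse().getheaders()
    conn.close()
    return summarize(host, cert, headers)

# Constructed sample data (not taken from any real site) so the block runs offline.
SAMPLE_CERT = {
    "issuer": ((("countryName", "US"),), (("organizationName", "Let's Encrypt"),)),
    "subjectAltName": (("DNS", "bank.example"),),
    "notAfter": "Apr 17 12:00:00 2025 GMT",
}
SAMPLE_HEADERS = [("Strict-Transport-Security", "max-age=31536000"),
                  ("Content-Security-Policy", "default-src 'self'"),
                  ("X-Content-Type-Options", "nosniff")]

if __name__ == "__main__":
    print(summarize("bank.example", SAMPLE_CERT, SAMPLE_HEADERS))
```

Calling `collect()` with the flagged hostname produces the same summary from a live connection; a failed handshake there raises `ssl.SSLError`, which is itself worth recording before submitting.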
