Issue

When users click on the phishing link in a simulated phishing email, the following page is displayed.

Error: Deceptive site ahead

Solution

You may now configure the list of domains on which Safe Browsing will not trigger a warning. This involves editing registry settings in Windows.

Please refer to the Google's article at https://chromeenterprise.google/policies/#SafeBrowsingAllowlistDomain for details. 

This can also be applied via Group Policy using Google Chrome's policy template at https://support.google.com/chrome/a/answer/187202?hl=en#zippy=
 

You could also use another domain. Many times Google flags the sub-domain and not the top level domain. For example, https://universitysupport.password-update.com may be blocked, but https://university-support.password-update.com and password-update.com are not. Simply adding a dash to the sub-domain could make a difference. 

Impact

• Data Entry Campaigns: you should expect to see a steep reduction in failures, as users are warned and blocked from reaching the landing page. Many will never even get a chance to hit Submit
• Drive-By Campaigns: As this happens after a user has already clicked, we will still measure the failure
  • The user would likely not see the teachable moment, unless they manually hit Details and chose to continue to the site anyway
  • If you use PhishAlarm, you might see a higher report rate after users see this warning, and go back to report the email. (You can identify these users by ones who have both a Click and Reported metric)
  • If it was a blind Phish or you otherwise aren't using a Teachable Moment, you might see a higher rate of prairie dog behavior where one user will tell others about the suspicious link and we may see click rates drop off and report rates go up after that domain was flagged

Please feel free to open a ticket with the support team if you find a URL that is flagged and they will work to get in un-flagged.