It’s three hours since I reported a phishing site to both IE7 and Firefox (Google). I revisited the site in both browsers. At first, Firefox displayed the site as before; but then I switched it to query Google dynamically. Presto! this appeared:
Note that the dynamic query setting is not the default, presumably because of its privacy implications. However, it is clearly more effective than the default downloaded list.
At the time of writing, IE7 is still saying “this is not a reported phishing site”; even though I reported it several hours ago.
This research is not bullet-proof. For all I know, someone else reported the site yesterday. Still, it’s an indication.
I’m still not clear why these browsers can’t figure out that this looks like a banking site, it’s asking for a password, but it’s not an SSL connection – perhaps we should alert the user. That doesn’t strike me as particularly advanced analysis.
See here for an update.