Move phish warning page to metamask.io domain #148
Comments
|
When a user is faced with this page, shouldn't there be an option for submitting the potential URL to an analysis service or some other inbound queue for analysis? AKA why not have this report to SEAL bot potentially? Also, why not mention the potential for loss of funds, yes I know that is implicit, but it should be explicitly stated to reinforce the potential for danger. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently when you attempt to navigate to a blocked site, the redscreen page is served from
https://metamask.github.io/phishing-warning/v3.0.0/.........The warning page is our authority page to let users know of a scam they are about to visit. If we continue to serve it on non-metamask.io domain, we are training users to trust non-metamask domains for this security control.
Moving to metamask domain will isolate it from the rest of the metamask experiments that are served under
metamask.github.io/<your page>Ref Links
https://github.com/search?q=org%3AMetaMask+metamask.github.io%2Fphishing-warning&type=code
extension https://github.com/MetaMask/metamask-extension/blob/develop/development/build/scripts.js#L191
also some ledger thing also served from here: https://github.com/MetaMask/metamask-extension/blob/develop/offscreen/ledger-iframe.html
mobile doesn't seem to be serving the same page lol. It's serving a page that apparently ships with the app?
https://github.com/MetaMask/metamask-mobile/blob/main/app/components/UI/PhishingModal/index.js
The text was updated successfully, but these errors were encountered: