spotphish / spotphish

Chrome extension for zero-hour phishing protection

Security image not displayed #38

Open kousik97 opened 6 years ago

kousik97 commented 6 years ago

The security image which was seen while accessing gmail has disappeared all of a sudden. One good thing about this is that now I have got used to the security image, so I am alerted by the lack of it (hence, reached the goal of spotphish). A possible reason behind this anomaly might be that the link to the login page has changed. But anyway the logo is the same, so is spotphish not supposed to alert me, since I am accessing a webpage which has the same logo as gmail but is not genuine? Can you please look into this?

ganeshv commented 6 years ago

Glad you noticed the absence of the security image - mission accomplished :)

The URL has changed; we need to update our list. You could do so as well, by hitting the icon and doing "Protect Page" on the new login page.

The behaviour you describe is expected. We automatically mark the domain of every protected page as a "safe domain", which means pages on those domains and subdomains are not subjected to (expensive) image search as they are assumed to be highly unlikely to host phishing pages. This is done for two reasons.

Firstly, we optimize on browsing performance and overhead for the 90% case.

But more importantly, we want to avoid the precise scenario you encountered - flagging a page on a legit site which contains its own logo as a phishing attempt. There are guaranteed to be several such pages for each site. Saying "this page looks like Google - but it's not" when it is hosted by Google would be deeply confusing and annoying to the average user. The villagers might forgive the boy crying wolf on spotting a zebra, but they will not forgive him crying wolf over a sheepdog who's lost his collar :)

kousik97 commented 6 years ago

I thought that spotphish was marking the webpage as safe rather than the domain. This explains the anomaly. But if users are to update the protected pages list every time the domain changes its login page, will they not lose interest in the product? One possible solution to this problem, and to the one regarding Facebook, is to make spotphish classify whether a webpage is a login page or not, so that whenever a login page from a safe domain is accessed, the security image can be displayed without the need for the user to explicitly protect that updated page.

anil5356 commented 6 years ago

Classifying a page as a page that asks for user creds sounds like a good idea. This will also help us cover pages other than the ones flagged by the user as protected.
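Added example (JavaScript, not spotphish's own code) sketching the decision this thread converges on: safe domains derived from the protected-page list with subdomain matching, plus a hypothetical "asks for creds" heuristic so a login page on a safe domain gets the security image even when its exact URL was never protected. The helper names, the constructed protected-page list and the two-label domain approximation are assumptions, not the extension's real logic.

```javascript
// Added example, not spotphish's own code. Constructed sample: pages the
// user has explicitly protected via "Protect Page".
const PROTECTED_PAGES = [
  "https://accounts.google.com/ServiceLogin",
  "https://www.facebook.com/login.php",
];

// Assumption for the example: the "domain" of a protected page is its last
// two labels. A real implementation should consult the Public Suffix List,
// because registrable domains like "example.co.uk" have three.
function registrableDomain(hostname) {
  return hostname.split(".").slice(-2).join(".");
}

// Every protected page marks its domain as safe (the behaviour described
// in the thread).
function safeDomainsFrom(pages) {
  return new Set(pages.map((p) => registrableDomain(new URL(p).hostname)));
}

// Exact match or a proper subdomain. The leading "." guards against a
// lookalike host such as "google.com.example" matching "google.com".
function isSafeDomain(url, safeDomains) {
  const host = new URL(url).hostname;
  for (const d of safeDomains) {
    if (host === d || host.endsWith("." + d)) return true;
  }
  return false;
}

// Hypothetical credential-page heuristic: a page with a password input is
// treated as a login page. Real classification would use more signals.
function looksLikeLoginPage(html) {
  return /<input\b[^>]*\btype\s*=\s*["']?password["']?/i.test(html);
}

// Decision per visited page:
//  - not on a safe domain: run the (expensive) logo image search, as today
//  - on a safe domain and login-like: show the security image even though
//    this exact URL was never protected (the thread's proposal)
//  - on a safe domain, not login-like: nothing to do
function decide(url, html, safeDomains) {
  if (!isSafeDomain(url, safeDomains)) return "run-image-search";
  return looksLikeLoginPage(html) ? "show-security-image" : "skip";
}
```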