I sent a link to a video proposal the other day to a potential new client,  and he replied back that he got a security warning trying to watch it on his phone.

He didn’t say much about the warning at the time, but when we spoke he brought it up again, reading the warning verbatim…

“McAfee tested this site and found viruses, spyware, or other potentially unwanted programs.”

False warning by McAfee via Verizon for an Amazon S3 subdomainUh oh. Had I Been Hacked?

My immediate thought was of course, that my site was hacked, but just a split second later I realized this wasn’t even a website we were talking about.  It was simply a bucket within my Amazon S3 account for storage, and nothing more.  There’s nothing to hack.

Still, this is embarrassing, right? Here I am, portraying myself as some sort of expert on the internet, and I’m sending him a link to danger.  That’s a real confidence builder, isn’t it?  How do you like me so far?

I asked him what it said in his address bar, and realized that the message was coming from Verizon, (myvzw.com) and since that’s my wireless carrier too, I was able to see the warning too.

I Chose to Visit Anyway

Now I’ve had my Amazon S3 account for over 10 years, never been hacked (that I know of)  and the first thing that went through my mind was that something bad happened.

It’s important to mention here that a good general rule of thumb, when a security company tells you NOT to go somewhere, don’t go.

However,  it was a single video file that I made myself, and I knew there was nothing wrong with it, so  I chose to Visit Anyway.

Changing the False warning by McAfee via Verizon for an Amazon S3 subdomainMcAfee Then Said It Was Safe

After proceeding, I was taken to another page on McAfee’s domain, where they said everything was fine. In fact, not just fine, they called it “safe”, reading:

“This Link Is Safe. We tested it and didn’t find any significant security issues.”

I took the screen shots and decided to write a few thoughts down here,  because I’m wondering how this happens.

The First Screen is a Lie

Clearly the first screen is inaccurate, and should be changed.  McAfee did NOT “test the site”, because the URL didn’t even exist until I uploaded the video.

If McAfee’s claim is that they’ve visited my subdomain before and found problems there,  well I’m not buying that either.  There are absolutely no files in there for public or crawler consumption, only private storage.  None of the files or folders can be seen or even accessed without the a URL first being enabled for viewing, and then sharing the exact URL with someone.

How Does This Happen?

I realize I’m not likely to get an answer, but I’d sure like to know why this happened, and how it can be prevented in the future.

Does McAfee place all Amazon S3 subdomains automatically on a “suspicious list” of some sort? Does McAfee regard all URLs that it’s never seen before as suspicious? And once the McAfee test is actually run, and it does show that the URL is a safe one, doesn’t that mean that the problem actually stems from Verizon?  Inquiring minds want to know!

Regardless of who’s responsible, to use the verbiage “McAfee tested this site and found…”  when it’s completely untrue, is inaccurate, misleading, and can cause someone problems. In my case, it could have cost me a new client.


Share This