Phishing Exposed

Redirects that do not sanitize external CRLF requests
Queries that reflect evaluated script code
Proprietary 404 pages that reflect evaluated script code
Do not request personal information updates from your customers via email
Do not send emails in a similar manner that phishing emails are sent
Do not use click here links
Do not link to third party sites
Protect your website from vulnerabilities that enable phishing threats
Unfiltered redirects can and will be problematic when phishers footprint your company hosted domain.
Many redirects are vulnerable to header injection and HTTP response splitting attacks, enabling cross-site scripting against the User-Agent.
Implement proper filtering and audit the filtering by running fuzzy tests against your site.
Unfiltered queries found in search engines, stock tickers, miscellaneous forms, and arbitrary queries that reflect user input can be used to launch cross-site scripting attacks.
Depending on the query, a combination of threats can exist including cross-site scripting, header injection and arbitrary redirects.
Filter out unnecessary characters such as <> and %0d%0a to assist in prevention of CSS.
Mis-configured 404 pages can be a serious threat to your online business as it enables phishers to construct malicious links in an arbitrary manner in order to gain misplaced trust with the user.
If at all possible, use well known web servers and their internal 404 page implementation. Servers like Apache and IIS implement proper filtering for 404 s and are safe to use.
Glorified or modified...