What really triggers a "phishing threat" warning?

  • May 1, 2015
  • 4 replies
  • 194 views

...because the words "This website has been reported as unsafe" and "We recommend that you don't continue to this website because it is reported to contain the following threats:" can't exactly be truthful.
 
The site in question is an unused domain I own, on a sub-domain that I put into existence hours ago, that isn't accessible to the public.  So no one would even know it existed to report -- not that there is any phishing going on here either.  It hasn't been sitting hacked...it's only existed since just minutes ago.
 
So what triggers this?  I mean I can unblock and continue, but I'd like to make sure the site I am developing doesn't somehow trigger these false warnings too.
 

4 replies

DanP
  • OpenText Employee
  • May 1, 2015
Hello,
 
Please submit a support ticket so that we can gather log files and determine what caused the block. 
 
Thanks,
 
-Dan

  • Author
  • New Voice
  • May 1, 2015
Okay, so it's a new site/domain so doesn't have a high reputation score, triggered when it launched a pop-up debug window.  I'm fine with that....makes sense given how phishing sites often work.
 
But the webroot warning should say this -- and I mean this as a user of webroot, not in regards to my domain getting warned.  In this case "this website has been REPORTED to contain" is untrue.  This website "has been evaluated by webroot as a high risk of..." would be a more correct statement.  The text "reported" should be used when there are....well...actual reports of an issue with the site  -- and not simply a webroot engine decision.
 
That distinction between data-driven and analysis-driven warnings is quite important to me as a user...and would help guide whether I proceed or not out in the wild. 
 
Just my $0.02.  It doesn't really affect me beyond this, and that's already fixed.  And I'm happy with webroot as the best out there -- just don't go too far in the way of scary warnings, and keep it somewhat clear what is actually driving them to appear.

nic
  • Retired Webrooter
  • May 4, 2015
Most of the URL classification is automatic based on some criteria, such as the newness of the site.  Humans intervene when something is misclassified or if someone requests us to re-evaluate.  I do take your point on the messaging though, so I'll pass that along to the dev folks.

nic
  • Retired Webrooter
  • May 4, 2015
Ok I heard back from some folks here and they are taking your suggestions into account for some already planned work to update the messaging for blocked pages.  Thanks for suggesting it!