Ahh yes, this is from the Category Lockdown plugin, I looked through the code and it does use 402, @david could it be causing the phishing warnings? I see the plugin hasn’t changed since October but maybe something in core is conflicting? I will try disabling it and see if the users still get the warning.