The following are recommended application security measures to help guard against phishing attacks, particularly ones that attempt to redirect the user into authenticating with an untrusted server over the file:/// protocol.
Applications using URL Monikers (URLMon.dll) for URI processing
Best practice is to implement the IBindCallbackRedirect interface and its Redirect method in the callback provided when creating the binding context with CreateAsyncBindCtx.
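
The decision a Redirect implementation has to make can be sketched as portable C++; this is an added example, not code from the original page or from Microsoft. The names CheckRedirectTarget, Normalize and RedirectVerdict are hypothetical, and the policy (follow only http and https, refuse file:, UNC paths and everything else) is an assumption that is stricter than the file:/// case named above. It also assumes the callback is handed an absolute URL.

```cpp
#include <cwctype>
#include <iostream>
#include <string>

// Hypothetical policy helper (not a URLMon API): decides whether a redirect
// target may be followed. Fails closed: only http and https are allowed.
enum class RedirectVerdict { Allow, Cancel };

// Lowercase the URL and drop leading whitespace plus embedded tab/CR/LF,
// which lenient URL parsers ignore and which could otherwise hide "file:".
static std::wstring Normalize(const std::wstring& url) {
    std::wstring out;
    std::size_t i = 0;
    while (i < url.size() && url[i] <= L' ') ++i;
    for (; i < url.size(); ++i) {
        const wchar_t c = url[i];
        if (c == L'\t' || c == L'\r' || c == L'\n') continue;
        out.push_back(static_cast<wchar_t>(std::towlower(static_cast<wint_t>(c))));
    }
    return out;
}

RedirectVerdict CheckRedirectTarget(const std::wstring& url) {
    const std::wstring u = Normalize(url);
    const auto isSlash = [](wchar_t c) { return c == L'/' || c == L'\\'; };
    // Scheme-less UNC forms (\\server\share, //server/share) reach a file server.
    if (u.size() >= 2 && isSlash(u[0]) && isSlash(u[1])) return RedirectVerdict::Cancel;
    const std::size_t colon = u.find(L':');
    if (colon == std::wstring::npos) return RedirectVerdict::Cancel;
    const std::wstring scheme = u.substr(0, colon);
    // file:, drive letters ("c:") and every other scheme are refused.
    if (scheme == L"http" || scheme == L"https") return RedirectVerdict::Allow;
    return RedirectVerdict::Cancel;
}

// Wiring (Windows only, shown as a comment): inside
// IBindCallbackRedirect::Redirect(LPCWSTR lpcUrl, VARIANT_BOOL* vbCancel), set
// *vbCancel = VARIANT_TRUE when CheckRedirectTarget(lpcUrl) returns Cancel.

int main() {
    // Constructed sample redirect targets.
    const wchar_t* samples[] = {L"https://example.com/login",
                                L"FILE://host.example/share/doc",
                                L"\\\\host.example\\share"};
    for (const wchar_t* s : samples)
        std::wcout << s << L" -> "
                   << (CheckRedirectTarget(s) == RedirectVerdict::Allow ? L"allow" : L"cancel") << L"\n";
    return 0;
}
```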