Phishing Heuristics Engine

Global Intelligence

Phishing By The Numbers

Real-world data on the scale and impact of phishing attacks in 2024.

Phishing emails sent daily: 3.4B
Rise in attacks since 2022: +61%
Annual financial losses: $17.7B
Avg. time to click a phish: 21s

Attack Vector Breakdown

Email: 96%
SMS / Smishing: 45%
Voice / Vishing: 28%
Social Media: 19%
Malicious URLs: 72%

Most Impersonated Brands

01. Microsoft: 33%
02. Google: 12%
03. DHL / FedEx: 11%
04. LinkedIn: 8%
05. Amazon: 7%
06. PayPal: 6%

Threat Intelligence

What Is Phishing?

Understanding the threat is the first step in defeating it.

Phishing

Mass-distributed fraudulent emails disguised as legitimate sources to steal credentials, install malware, or trick victims into wire transfers.

Spear Phishing

Highly targeted attacks crafted for a specific individual using personal data harvested from social media and public records.

Whaling

Executive-level spear phishing targeting CEOs, CFOs, and directors to authorize fraudulent wire transfers or expose sensitive data.

How a Phishing Attack Works

1. Reconnaissance

Attacker researches the target — harvesting email addresses, names, and company structure from LinkedIn, company websites, and data breaches.

2. Weaponization

Crafts a convincing email with a spoofed sender address, urgency triggers ("your account will be suspended"), and a malicious link or attachment.

3. Delivery

Email is sent via compromised servers or legitimate-looking domains to bypass spam filters and reach the inbox.

4. Exploitation

Victim clicks the link, lands on a pixel-perfect fake login page, and enters credentials — which are immediately captured by the attacker.

5. Exfiltration

Stolen credentials are used to access accounts, pivot into corporate networks, or drain bank accounts, or they are sold on the dark web.

Urgent language & threats
Suspicious or misspelled URLs
Unknown or spoofed sender
Unexpected attachments
Requests for credentials
Poor grammar & spelling
Too-good-to-be-true offers
Brand impersonation

Knowledge Base

Frequently Asked Questions

How does PhishGuard detect phishing emails?
PhishGuard uses a 4-layer defense grid: (1) a Neural Linguistic Engine using TF-IDF vectorization + Naive Bayes / Random Forest ML to analyze intent, (2) Heuristic keyword & pattern matching for known phishing triggers, (3) Google Safe Browsing API for real-time URL reputation checks, and (4) an Identity Layer with domain whitelisting and brand spoof detection.
What should I paste into the scanner?
Paste the full raw text of the suspicious email — including the subject line, sender name, body, and any URLs. The more context you provide, the more accurate the analysis. You can also paste just the email body or a suspicious URL by itself.
How accurate is the PhishGuard ML model?
The underlying Naive Bayes / Random Forest model was trained on a curated dataset of labelled phishing and legitimate emails. Combined with the heuristic and reputation layers, PhishGuard achieves high precision on common phishing patterns. However, no system is 100% accurate — always apply human judgment for borderline cases.
What is the browser extension for?
The PhishGuard browser extension lets you scan suspicious emails directly from your browser without switching tabs. It connects to the local Flask server at 127.0.0.1:5000. Click "Add to Browser" to download and install it in Developer Mode — full instructions are provided in the modal.
Does PhishGuard store my emails?
PhishGuard stores only the verdict (PHISHING or LEGITIMATE) and risk score in a local SQLite database for the scan history counter. The actual email content is never persisted to disk — it exists only in memory during analysis and is discarded immediately after.
What are Forensic Markers?
Forensic Markers are specific high-risk words and phrases the AI identified in your email that are statistically common in phishing attempts — such as "urgent", "verify", "suspended", "password", "login", and "account". These are the Explainable AI (XAI) outputs that justify the verdict, rather than leaving the decision a black box.
I received a phishing email — what should I do?
1. Do not click any links or download attachments.
2. Report it to your IT/security team or email provider (use "Report phishing" in Gmail/Outlook).
3. If you already clicked a link, change your passwords immediately and enable 2FA.
4. If financial details were entered, contact your bank immediately.
5. Report to the national cybercrime agency in your country.
Can I use PhishGuard via API?
Yes. PhishGuard exposes a REST API at POST /predict_api. Send a JSON body with {"email_content": "..."} and receive a JSON response with verdict, score, flags, and identified forensic markers. This allows integration with email clients, SIEM systems, or CI/CD pipelines.
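
The heuristic keyword layer, the identity layer (domain whitelisting and brand spoof detection) and the Forensic Markers described in the answers above can be sketched as follows. This is an added example, not PhishGuard's own code: the whitelist, the scoring weights, the 50-point threshold, the result key names and the two sample emails are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Marker words are the ones the FAQ lists; everything else below is assumed.
MARKERS = ("urgent", "verify", "suspended", "password", "login", "account")
# Hypothetical whitelist: brand -> domains that brand legitimately uses.
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com", "office.com"},
    "paypal": {"paypal.com"},
}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)


def host_of(url):
    """Lower-cased hostname without port or userinfo ('' if unparsable)."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return ""


def on_whitelist(host, domains):
    """True only for an exact whitelisted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def analyze(email_content):
    text = email_content.lower()
    markers = [m for m in MARKERS if re.search(rf"\b{m}\b", text)]
    flags = []
    for url in URL_RE.findall(email_content):
        host = host_of(url)
        for brand, domains in BRAND_DOMAINS.items():
            # Brand name in the hostname, but the host is not the brand's own.
            if brand in host and not on_whitelist(host, domains):
                flags.append(f"brand_spoof:{brand}:{host}")
    # Assumed weights and key names: 10 per marker, 50 per spoofed link, cap 100.
    score = min(100, 10 * len(markers) + 50 * len(flags))
    verdict = "PHISHING" if score >= 50 else "LEGITIMATE"
    return {"verdict": verdict, "score": score, "flags": flags, "markers": markers}


# Constructed sample emails, not real traffic.
SPOOFED = ("Subject: Urgent - account suspended\n"
           "Verify your password at https://login.microsoft.com.secure-auth.example/reset")
GENUINE = "Your password was changed. Review it at https://account.microsoft.com/security"

if __name__ == "__main__":
    print(analyze(SPOOFED), analyze(GENUINE), sep="\n")
```

The second sample shows why marker words alone should not decide the verdict, and why the whitelist check compares the hostname suffix instead of searching for the brand's domain as a substring.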