Phishing protection that doesn't leave grandma behind.
A browser extension built for adults 65+. Three-signal AI detection with accessibility-first design. When something looks wrong, one big button alerts your family — with a screenshot — before any money moves.
See how it thinks.
Click any scenario below to see PhishGuard evaluate a real-world situation. The extension runs three detection signals in parallel and explains its verdict in language anyone can understand.
Three detection signals. One clear verdict.
Most phishing tools rely on blocklists that can't catch new attacks. PhishGuard combines three independent ML signals so novel phishing gets caught on first contact — not after hundreds of victims report it.
Signal 1 — URL Features
Domain age, SSL certificate age, Levenshtein distance from 200+ known brands (catches amaz0n.com, paypa1.com, rbc-login-verify.com), TLD risk scoring, suspicious URL parameters.
Signal 2 — DOM Analysis
Runs in the page. Detects form actions that post to a different domain, hidden iframes that overlay real sign-in buttons, and Browser-in-the-Browser attacks where the "browser chrome" is just HTML drawn on top of the page.
Signal 3 — Visual Similarity
Perceptual hash of the rendered page compared against a 200-brand library. A page that looks like Bank of America but loads from boa-secure-login.ru gets flagged immediately — even if the URL features were inconclusive.
Ask My Family — One Button
When in doubt, one press captures a screenshot and sends it via SMS to a pre-configured trusted contact. Works even when the user hasn't been warned — because sometimes the scam slips past ML, but never past a skeptical grandchild.
Accessibility First — Not a Retrofit
48px+ shield icon, 18px+ body text, 4.5:1 contrast minimum, keyboard navigation throughout, screen-reader announcements on verdict changes, respects prefers-reduced-motion. Tested with real seniors center users.
Privacy — Yours Stays Yours
URLs are hashed before any ML backend sees them. Screenshots never leave the device except when the user presses Ask My Family. No analytics, no ad SDKs, no telemetry you didn't opt into.
How it's built
Chrome Manifest V3 + Firefox MV3 compatible. ML inference runs in a Flask backend because MV3 restricts ML libraries in extensions. Everything else runs on-device.
- Background service worker
- Content script per tab
- MutationObserver on DOM
- Popup UI (vanilla JS)
- Flask + Gunicorn
- XGBoost URL classifier
- imagehash pHash engine
- python-whois cached 7d
- PhishTank (50K URLs)
- Tranco top 1M (benign)
- 200-brand pHash library
- Elderly-targeted scam corpus
- Twilio Programmable SMS
- HMAC-signed screenshot URL
- 24h expiring R2 link
- Fallback: email via SES