What started as a proof-of-concept experiment here at Moonlock was polished to perfection by MacPaw’s Technological R&D — Ivan Petrukha, Nataliia Stulova, and Serhii Kryvoblotskyi. Their research on phishing website detection has produced a native macOS app that detects spoofed websites in real time and can spot zero-day phishing.
The research and the app are detailed in the team’s position paper “Think Globally, React Locally — Bringing Real-time Reference-based Website Phishing Detection on macOS,” which was presented at the 14th International Workshop on Socio-Technical Aspects in Security (STAST 2024).
A fresh technique to thwart credential harvesting
Almost 5 million unique phishing web pages were published in 2023, and cybercriminals are getting better at pushing them to the top results of search engine queries. The phishing surge is so massive that security products have to make every second count to update their blacklists and protect users from new threats.
Our research describes the prototype that instantaneously identifies the risk of credential harvesting on spoofed websites. It’s a combination of computer vision and machine learning that runs locally on the device to spot zero-day phishing. The prototype is tailored to macOS and, of course, to protection of user data.
An opportunity to connect over the shared goal
Hosted by the IEEE Symposium on Security and Privacy, STAST 2024 is a one-day workshop where experts in computer security, social, and behavioral studies exchange ideas on designing secure systems. Presentation of our research to the scientific community marks a major milestone in Moonlock’s work, and we couldn’t be prouder of our team!
The workshop proved the demand for better anti-phishing tools, and we are grateful for the feedback and input from the attendees. We are coming home full of fresh ideas to expand the possibilities of the prototype. After all, if we integrate it deeper into messaging applications and email clients, we can build the ultimate anti-phishing protection tool for all Mac users.
The position paper was originally uploaded to arXiv.org
