We've developed a Chrome extension for detecting if a visited website is phish or not by comparing its content to the original, known good website.
The most updated code and instructions is available at:
2019-10-15: The information here is outdated and retained for archival purposes! Please check https://auntietuna.ant.isi.edu for the latest in developments!
AuntieTuna is a browser extension that checks if each visited page is a potential phishing website based on snapshots of known good websites that a user adds.
For example, a user first visits PayPal (Figure 1) and adds its snapshot using AuntieTuna (Figure 2).
AuntieTuna then checks every other page the user visits to see if it looks like or contains content from the original PayPal page. If it does, the page is detected as suspect phish and blocked.
For example, Figure 3 shows a detected PayPal-phish. The user is blocked from moving forward by AuntieTuna.
A paper describing additional details and usability of this work, AuntieTuna: Personalized Content-based Phishing Detection , was presented at the 2016 NDSS Usable Security Workshop.
An early version of this work was presented at the 2015 IEEE Security and Privacy poster session (2015-05-18) : abstract and poster.
We’d greatly appreciate it if you could alpha test our plugin!
v0.0.2 of the plugin compares and detects PayPal phish by default. Users personalize and add their own “known-good” sites as they browse.
In your testing, we’d like to know your experience with:
Please send email to email@example.com with questions, bugs, feature requests, patches, and any notes on your usage!
Copyright (C) 2016. University of Southern California. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.