How are you determining if it's a phishing site?
It's triggered on certain events, like a download or rendering a password field. First off it checks if you're on a domain that's "green" (safe/popular). For the top 100k domains (should be about 90% of browsing) that's just locally loaded and the page doesn't do anything. From there, there's a bunch of heuristics to see if it's on a flagged page. If it's not, so "unknown", a local ML model will run against the text of the page to see if it fits the patterns of a phishing page.
It was trained on available datasets and shipped with the extension, so it does the checks in-browser against what it sees in an unknown situation.
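
The tiered check described in the reply above, sketched as an added example; it is not the extension's code. The green list, the three heuristics, the word weights, the 0.8 threshold and the `page` object shape are all assumptions made up for illustration.

```javascript
// Added example: lists, rules, weights and threshold are constructed for illustration.
const GREEN_DOMAINS = new Set(["example.com", "example.org"]); // stand-in for the bundled top-100k list
const WEIGHTS = new Map([["verify", 1.2], ["suspended", 1.5], ["password", 0.8],
  ["urgent", 1.1], ["account", 0.6], ["newsletter", -1.0]]); // toy stand-in for the shipped model
const BIAS = -2.0;

// Green only if the host itself or a parent domain is listed. A listed name used
// as a left-hand prefix (example.com.evil.test) must not match.
function isGreen(hostname) {
  const labels = hostname.toLowerCase().split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    if (GREEN_DOMAINS.has(labels.slice(i).join("."))) return true;
  }
  return false;
}

// Hypothetical cheap heuristics that run before the model.
function heuristicFlags(url, page) {
  const flags = [];
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(url.hostname)) flags.push("ip-literal-host");
  if (url.hostname.split(".").some((l) => l.startsWith("xn--"))) flags.push("punycode-label");
  if (page.hasPasswordField && url.protocol !== "https:") flags.push("password-over-http");
  return flags;
}

// Bag-of-words logistic score over the visible page text, computed locally.
function modelScore(text) {
  const tokens = new Set(text.toLowerCase().match(/[a-z]+/g) || []);
  let z = BIAS;
  for (const t of tokens) z += WEIGHTS.get(t) || 0;
  return 1 / (1 + Math.exp(-z));
}

// Pipeline: green list -> heuristics -> local model for pages still "unknown".
function classifyPage(pageUrl, page, threshold = 0.8) {
  const url = new URL(pageUrl);
  if (isGreen(url.hostname)) return { verdict: "green", stage: "allowlist" };
  const flags = heuristicFlags(url, page);
  if (flags.length > 0) return { verdict: "flagged", stage: "heuristics", flags };
  const score = modelScore(page.text);
  return { verdict: score >= threshold ? "phishing" : "unknown", stage: "model", score };
}
```

The green-list lookup walks parent domains from the right, so a lookalike host that merely starts with a popular name falls through to the later stages instead of being skipped.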