lookyloo icon indicating copy to clipboard operation
lookyloo copied to clipboard
verified publisher icon Lookyloo

Phishing use case - improvement

Open Rafiot opened this issue 4 years ago • 2 comments

What is changing?

Right now, we have a weird malicious flag, it needs to go away.

The problem we want to solve is the following:

  • Legitimate site legit.com has a logo, with hash <hash>. The <hash> is not a phishing marker as long as it is on the legitimate site
  • The same hash is present on a site that is not legit.com. In that case, it should be marked as suspected phishing (Logo idea: fish with a question mark)

How will this impact users?

Help them to spot phishing cases more easily.

Rafiot avatar Apr 07 '21 21:04 Rafiot

create a check box for "suspected resource for phishing attacks (mark as legitimate for this site)" that will allow other sites it appears on to marked as "suspected phishing" based on the hash of the resource. I will need to make a suspected fishing icon, though this probably belongs in a instance annotation tool (vs a capture annotation tool) why am i giving myself more work to do

quinnnorton avatar Apr 08 '21 10:04 quinnnorton

A perceptual hash may also be interesting (or a more efficient logo recognition API => Google Cloud Vision?), as well as some metadata on images (including XMP). The main problem is to create the initial Hash DB with logos from all legit sites.

esellier avatar Mar 23 '22 21:03 esellier