2 comments

  • bradknowles 11 minutes ago
    If I wanted to phish for personal information that I could use for other attacks, I would set up a public service where people could send all their apparent scams and then go looking for all the personal data that is leaking through.

    I could even make it seem legit by using the collected data to block any of my competitors, and only “accidentally” allowing through the attacks that I make or that are made by my real customers.

  • not_your_vase 23 hours ago
    You know how would this be extremely useful? If it was built into the browsers (like the deceptive website warning) and into chat apps - and it would warn real time, as the scam happens. I guess there are some value in this form too, but it's more like after-the-fact analysis for the majority of the users (you either know right away that it's a scam, or you start thinking later "oh... was I just scammed? let me try investigating".

    Of course I realize the privacy questions this raises... but still.

    • ngalongc 9 hours ago
      That's indeed a good idea, we definitely share the same thought process as you, because we built AntiPhish.AI exactly in the way you described it. It is a Chrome extension specifically for gmail inbox security, it gives red flags when it see any scam attempts.

      About the privacy concerns, we gave a lot of thought about it as well, for now we just pass everything to openai and leave nothing in our system, but in the future we think the best way to handle privacy is open source AntiPhish.AI so that everyone can self-host their own anti-phishing solution.