Lots of people are getting phished these days. Here’s a screenshot from a successful attempt that changed the world:
Look familiar? This email was sent to John Podesta’s staff. With a tap and a few keystrokes, Mr. Podesta released his emails to the public, which were subsequently used to drive public opinion against Hillary Clinton.
Solutions to this problem feel unsatisfying. Two-factor via SMS is exploitable and many people (especially older folks) don’t have it set up as it’s hard to use. Browsers will always lose the cat-and-mouse game of keeping an up-to-date database of malware websites.
Why can’t we solve this problem like humans do? When I look at that email, it looks to me like an email from Google. But it isn’t from Google. Instead of trying to detect phishing with heuristics based on the text or DOM of the website, build a model that recognizes emails that look like they’re from Google (or Yahoo, or Facebook), but aren’t. Learn on the pixel level, like the human eye is doing. When you detect something is wrong, drape a big red flag over the website or email.
Computers are getting really good at understanding images. Wouldn’t it make sense for someone to build this?