Our extension scans the website’s source code and detects credential input forms within it prior to being displayed to the end user. If credential input forms are detected within the website’s source code, the end user can either be presented with a customizable warning prompt, or the site could be blocked from displaying. In order to decrease the number of false-positive detections, the extension has a pre-built whitelist of well-known legitimate domains which can’t be used to host phishing content. Moreover, the end user is able to customize the whitelist by including additional domains that they are visiting.
