Safeguarding the confidentiality and integrity of users’ sensitive information—such as passwords and PIN codes—remains a major challenge in the evolving landscape of cybersecurity. Every day, millions of users are exposed to deceptive login pages designed to illicitly capture private data. Attackers leverage numerous techniques, including phishing emails, click-jacking, malicious advertisements, malware, SQL injection, session hijacking, man-in-the-middle attacks, denial-of-service attacks, and cross-site scripting. Among these, web spoofing (or phishing) stands out as one of the most prevalent threats, wherein attackers create fraudulent replicas of legitimate web pages to steal user credentials. Existing countermeasures often struggle with issues of latency and detection accuracy. To address these limitations, we propose a client-side defense mechanism based on machine learning to accurately detect spoofed web pages and shield users from phishing attacks. As part of this work, we developed PhishCatcher, a Google Chrome extension that implements a Random Forest classification model to determine whether a given login page URL is legitimate or suspicious. The model analyzes four categories of web features to classify webpages effectively. Extensive experiments conducted on 400 phishing and 400 legitimate URLs demonstrate that PhishCatcher achieves a high detection accuracy of 98.5% and an equivalent precision rate. To evaluate performance efficiency, latency was measured across 40 phishing URLs, with results showing an average response time of only 62.5 milliseconds. These findings highlight the effectiveness, reliability, and real-time capability of the proposed client-side phishing detection system.
