Phishing attacks are a major cyber threat that continue to evolve and become more sophisticated, causing billions of dollars in losses each year according to the recent Internet Crime Report. However, traditional offline or inline phishing detection engines are limited in how they can detect evasive phishing pages. Due to the performance requirements of inline solutions, they can only target specific campaigns and, at best, act as a basic static analyzer. On the other hand, offline detection solutions heavily rely on crawlers to collect content and update a blocklist to enforce blocking phishing pages. They, too, are limited; offline tools cannot detect evasive phishing pages that present benign content to a crawler or short-lived campaigns that abandon the URL before it gets updated in the blocklist.
At Netskope, we have developed a deep learning-based Inline Phishing Detection Engine (DL-IPD) that can address all of these limitations. It allows us to inspect web content and block phishing web pages in real time, complementing our offline analyzers and blocklists. The model continuously learns the dynamic behavior patterns of phishing pages and can identify patient-zero and evasive phishing attacks. Similar to generative pre-training of large language models, such as BERT and ChatGPT/GPT-4, we use a large number of web pages to train the HTML encoder and then use it to build a phishing classifier. We have been awarded three U.S. patents for our innovative approach to phishing detection.
The Inline Phishing Detection Engine (DL-IPD) is available to all Intelligent SSE and Netskope Next Gen-SWG customers.. In this blog post, we will share some of the patient-zero and evasive phishing examples that our engine has detected.