ARCHIVES

Phishing attacks represent one of the most pervasive cybersecurity threats targeting internet users worldwide. Adversaries craft deceptive websites that closely imitate legitimate online services to harvest sensitive credentials, financial data, and personal information. Conventional blacklist-based browser defences are inherently reactive and fail to protect users against newly generated phishing domains and zero-day attacks not yet catalogued in threat intelligence repositories. This paper proposes a cross-browser real-time phishing detection framework implemented as a lightweight browser extension integrated with a FastAPI-based backend detection engine and a supervised machine learning pipeline. The proposed system extracts seven runtime behavioural indicators from active webpages—SSL certificate validity, login form presence, redirect chain length, suspicious keyword patterns, domain age, external script count, and URL Shannon entropy—and maps them to a 31-dimensional feature vector aligned with the UCI Phishing Website Dataset for inference by a trained RandomForest classifier. A hybrid scoring mechanism combines probabilistic ML output with a deterministic heuristic engine using: Final Score = 0.6 × ML Score + 0.4 × Rule Score, generating an interpretable 0–100 risk index with factor-level explanations. Experimental evaluation on 11,055 labelled samples yields 96.29% accuracy, 95.99% precision, 97.40% recall, and 96.69% F1-score, confirming the effectiveness of the proposed hybrid detection strategy. The framework is fully compatible with Chrome, Edge, Firefox, Brave, and Opera through the WebExtension API and Manifest V3 architecture, providing real-time alerts, overlay warnings, and a graphical risk dashboard.