Inspiration

Phishing attacks often start with something as simple as an email or message that looks harmless: maybe it claims you’ve won a gift, or that you need to verify your account or update your password. But when you click the link, you’re taken to a fake website that looks legitimate. These sites are designed to steal your personal information, like your passwords, bank details, or login credentials. The scary part is that most users can’t tell the difference between a safe website and a phishing one. That’s where unPhish comes in: a simple Chrome extension that helps users identify potentially dangerous sites before they interact with them. With this, users can be more informed and protected online, and hopefully avoid falling victim to phishing attacks.

What it does

unPhish is a Chrome extension that checks the URL of the page you're currently visiting and flags it as:

  • Dangerous: if it matches high-risk patterns (e.g., IP address-based URLs, brand spoofing, homograph attacks).
  • Caution: if it shows medium-risk indicators (e.g., phishing keywords, insecure protocol, odd TLDs).
  • Safe: if no threats are found.

The warning is displayed directly in the extension popup with a clear color-coded status message.

How I built it

I built unPhish using:

  • HTML, CSS, and JavaScript to create the extension interface and logic.
  • Chrome Extension APIs (Manifest v3) to access the current tab and read the URL.
  • JavaScript regex and string logic to detect:
    1. IP-based URLs
    2. Suspicious top-level domains (.xyz, .tk, etc.)
    3. Homograph attacks (e.g., xn--)
    4. Brand spoofing using character substitutions (go0gle, paypa1)
    5. Suspicious keywords (login, secure, verify, etc.)
  • Visual feedback (color-coded messages and emojis) to indicate risk level.

The entire project runs locally, no backend needed, and is fully privacy-safe.
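A sketch of how tiered URL checks like these can be written, as an added example that is not unPhish's own code. The brand list, the substitution map and the names `normalize` and `classifyUrl` are assumptions; the TLDs and keywords are the ones named above.

```javascript
// Added illustration: the lists and substitution map are assumptions, not unPhish's own data.
const BRANDS = ["google", "paypal", "apple"];        // assumed sample brands
const RISKY_TLDS = ["xyz", "tk"];                    // TLDs named in the write-up
const KEYWORDS = ["login", "secure", "verify"];      // keywords named in the write-up
const SUBS = { "0": "o", "1": "l", "3": "e", "5": "s" }; // assumed look-alike map

// Undo look-alike substitutions so "go0gle" and "paypa1" compare equal to the brand.
function normalize(label) {
  return label.replace(/[0135]/g, (c) => SUBS[c]);
}

function classifyUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { level: "Caution", reasons: ["URL could not be parsed"] };
  }
  // Identity checks use the hostname only; the path is used just for keyword hints.
  const host = url.hostname.toLowerCase();
  const labels = host.split(".");
  const danger = [];
  const caution = [];

  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) danger.push("IP address instead of a domain");
  // The URL parser converts Unicode hostnames to punycode, so this also catches typed homographs.
  if (labels.some((l) => l.startsWith("xn--"))) danger.push("punycode (xn--) label");
  for (const label of labels) {
    for (const brand of BRANDS) {
      // Flag only labels that differ from the brand as written but match once normalized,
      // so the genuine "paypal" label in www.paypal.com is not a false positive.
      if (label !== brand && normalize(label) === brand) danger.push(`imitates "${brand}"`);
    }
  }

  if (url.protocol === "http:") caution.push("unencrypted http");
  if (RISKY_TLDS.includes(labels[labels.length - 1])) caution.push("unusual TLD");
  const haystack = host + url.pathname.toLowerCase();
  const hit = KEYWORDS.find((k) => haystack.includes(k));
  if (hit) caution.push(`keyword "${hit}"`);

  if (danger.length) return { level: "Dangerous", reasons: danger.concat(caution) };
  if (caution.length) return { level: "Caution", reasons: caution };
  return { level: "Safe", reasons: [] };
}

// Constructed sample URLs, one per verdict.
for (const u of ["https://www.paypal.com/", "http://example.xyz/", "https://paypa1.com/verify"]) {
  console.log(u, classifyUrl(u).level);
}
```

The returned `reasons` array is what a popup could show next to the color-coded status.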

Challenges I ran into

  • Avoiding false positives, like when the extension flagged legitimate domains (e.g., www.paypal.com) as phishing.
  • Designing a smart but simple brand spoofing detection algorithm that uses letter substitutions (e.g., replacing o with 0, l with 1).
  • Making the extension responsive and reliable across different kinds of pages and domain formats.

Accomplishments that I'm proud of

  • Successfully built a fully working Chrome extension that detects phishing threats in real time.
  • Designed and implemented a multi-level threat detection system (Safe / Caution / Danger).
  • Built a functioning spoof detection system without relying on any third-party backend or API.
  • Created a clean, user-friendly popup UI that communicates the site's risk level.

What I learned

  • This was my first time working with JavaScript. Through this project, I gained hands-on experience with core JavaScript concepts, including conditionals, string manipulation, regular expressions, and the URL object.
  • I learned how to configure manifest.json correctly for Chrome's Manifest v3, which was tricky at first but crucial for the extension to work.
  • I learned how to handle confusing distinctions in web URLs, especially the difference between hostname, pathname, and full URLs, which initially caused issues in detection.
  • I explored homograph attacks (e.g., domains like xn--pple-43d.com that impersonate apple.com), a subtle and dangerous trick I hadn’t heard of before. Learning about this added depth to my understanding of phishing techniques.
  • I also realized how easy it is to spoof legitimate domains by replacing characters (like using 0 instead of o, or l instead of 1), and how to detect such patterns using logic and substitutions.
  • Lastly, I gained a deeper appreciation for the security mindset, how attackers think, and how to build tools that help users defend themselves without overwhelming them.

What's next for unPhish

I plan to enhance unPhish with the following features:

  • VirusTotal API integration for more accurate threat detection.
  • "Report this site" feature so users can flag suspicious URLs.
  • Tooltips explaining why a site was flagged.
  • Improved UI with loaders and animations.
  • Support for Firefox and Edge.
  • Publish to the Chrome Web Store.

Ultimately, I hope unPhish helps users think twice before clicking and stay a little safer online.
