Systems and methods for detection of suspicious phishing webpages are provided. According to one embodiment, a client device captures an image pertaining to a webpage attempted to be accessed via the client device and generates a fingerprint of the webpage based on application of a hash function to the captured image. For each phishing fingerprint within a phishing fingerprint database containing fingerprints associated with known phishing webpages, the client device determines a similarity measure between the generated fingerprint and the phishing fingerprint by comparing the generated fingerprint with the phishing fingerprint such that when the similarity measure meets a threshold, the client device identifies the webpage as potentially being a phishing webpage. The phishing fingerprint database periodically receives an update containing new fingerprints from an online security service.
展开▼