Yes, there are several extensions and AI software with heuristics that can help detect sophisticated phishing attacks. These tools leverage advanced algorithms and machine learning techniques to analyze various aspects of a website or email and determine if it is potentially malicious. Here are a few examples:
1. Web browser extensions: There are various browser extensions available that can help protect against phishing attacks. These extensions often display a warning or block access to suspicious websites. Examples include Google's Safe Browsing extension, Avast Online Security, and McAfee WebAdvisor.
2. Anti-phishing software: Many antivirus and internet security suites include anti-phishing features. These software solutions use heuristics to analyze websites and emails, looking for signs of phishing attempts. They can detect suspicious URLs, fake login pages, and other phishing techniques. Examples include Norton Security, Kaspersky Internet Security, and Bitdefender Internet Security.
3. Email filters: Email providers and clients often employ AI-based filters to detect phishing emails. These filters analyze the content, sender information, and other factors to identify potential phishing attempts. They can flag suspicious emails, move them to spam folders, or even block them entirely. Examples include Gmail's spam filter, Microsoft Outlook's built-in protection, and third-party email security solutions like Mimecast.
4. Phishing intelligence platforms: Some organizations offer advanced phishing intelligence platforms that use AI and machine learning to detect sophisticated phishing attacks. These platforms analyze various data sources, including threat intelligence feeds, to identify new and emerging phishing threats. They can provide real-time alerts and actionable insights to help organizations stay protected. Examples include Phish.AI, Cofense Intelligence, and Ironscales.
It's important to note that while these tools can significantly enhance your protection against phishing attacks, they are not foolproof. Phishing techniques are constantly evolving, and attackers can sometimes bypass these defenses. Therefore, it's crucial to maintain a healthy level of skepticism, stay updated on the latest phishing trends, and follow best practices like not clicking on suspicious links or providing personal information unless you are certain of the legitimacy of the request.
Some of the top products, especially the ones with HTTPS scanning employ local heuristics as well as cloud based for detecting phishing attempt. In my experience these are Avast, Bitdefender, ESET and Kaspersky. These detections most times won't show up on VirusTotal.
Besides these everyone uses heuristics anyway eg: SmartScreen available on MS Edge, Google Safe Browsing on Chrome when Enhanced Protection is turned on, etc.