FAQ - Frequently Asked Questions

  • CheckPhish is a real-time URL and website scanner. Once a URL is submitted, our engine spins up an automated headless browser to capture a live screenshot, natural language content on the webpage, DOM, WHOIS, and other essential information.

    The engine sends this information to multiple deep learning models in the backend that can recognize essential signals like brand logos, sign-in forms, and intent. Our engine then combines these signals with our proprietary threat intel data to identify phishing and scam pages.
  • You can use CheckPhish by registering at   CheckPhish AI  Upon registering, you can access the bulk scanning feature and API-based scanning along with CheckPhish's advanced API dashboard.

    If you have trouble signing up/ logging in, please reach out to us at @checkphish on Twitter.
  • Each scan on CheckPhish has a brand and a verdict associated with it. List of verdicts:

    1. Phish: The scanned webpage is an outright replica of a legitimate brand's login page/ home page targeting its users.
    2. Scam: The scanned webpage infringes on a legitimate brand through gift card scams, fake online stores, etc. We suggest using it with the Category we predict when you see a scam verdict.
    3. Suspicious: The scanned web page does not have active infringing content on a brand but has a suspicious URL pattern. Example: www[.]brand-login[.]com
    4. Clean: The scanned webpage belongs to a legitimate brand or we do not find any phishing/ suspicious content on it.
  • Please use the Dispute button on the insights page to dispute a verdict rendered by our engine. User feedback help us improve our detection algorithms.
  • Please reach out to us at @checkphish on Twitter. We would love to hear from you and gather feedback.