The Problem:
- Simply Blocking Urls is not enough to train users to relate submissions to urls.
- 2021 25 % of all phishing breaches will occur from a mobile device broswer. -reference owasp-top 10
- Can we create eyes and ears for the client on minimal premissions and processing power ?
The objective was to use peoplecentric methods to help train users on what urls they are submitting to. The idea was inspired by the https lock so many users are familre with. I then started to wonder if there was a way to do this with input DOM data. if a client asked us if a url was a phishing scam or not, how do we know?
-- where is the data going -- what url is the user providing data to.
can we do this for our clients when they vist a login? By leveraging colors, a neurologic trigger to subconsciously train users into looking at where information is being sent. This helps provide postive feedback to users and data to proofpoint. The tool was designed to work in the broswer as it can work on mobile or laptop devices. mobile devices can often end up concealing signs indicative of potential phishing attacks and other cybersecurity threats. That said, security experts predict that in 2021, 25 percent of all data breaches will involve off-premises assets and mobile devices.