About PhishGuard — Made-in-India Phishing Detection

Free, ML-powered URL safety scanning built by two brothers from India. No sign-up wall, no data harvesting — just faster, smarter protection against phishing scams.

Quick answer: PhishGuard is a free phishing-link scanner founded in 2024 by Kuldeep Tiwari and Aman Tiwari in India. It runs 55+ security checks plus an XGBoost machine-learning model on any URL and returns a verdict in under 3 seconds. It reaches 96.75% accuracy on Indian phishing samples and covers 157+ Indian and global brands. The core scanner is free forever — no login required.

Why we built PhishGuard

India loses billions of rupees every year to online fraud. UPI payment scams, fake KYC pages for Aadhaar and PAN, "bank account frozen" SMS attacks, counterfeit IRCTC refund pages, fake job-offer links on WhatsApp — the volume and the velocity of Indian phishing keeps rising, and most of it lands in messaging apps rather than email. Yet most URL-safety tools available in 2024 were trained on Western brands and datasets, and missed local patterns entirely. A tool that has never seen SBI, HDFC, ICICI, Paytm, PhonePe, IRCTC, or UIDAI simply cannot spot when a domain is impersonating them.

We started PhishGuard to close that gap. Every check — from typosquat detection and homograph analysis to brand-impersonation matching — is tuned first for the sites Indians actually use, and then extended to the global brands (Amazon, Google, Microsoft, PayPal, and dozens more) that scammers target US and international users with. Because the same model works on any URL, PhishGuard is equally useful in the US, the UK, and everywhere else — but it will always be an India-first product.

The team

KT

Kuldeep Tiwari

Co-founder · Backend, ML pipeline, threat intelligence

AT

Aman Tiwari

Co-founder · Frontend, product, UX

Kuldeep leads the detection engine — the feature extractor, the XGBoost model, the WHOIS and SSL enrichment pipelines, and the ongoing threat-intelligence work that keeps the brand-impersonation lists current. Aman leads the product surface: every tool page, the scanner UX, the awareness content, and the accessibility work. Reach either of us at hello@phishguard.co.in.

What PhishGuard actually does

Every URL you submit is run through a nine-layer analysis that combines 55+ heuristic rules with a machine-learning model trained on hundreds of thousands of confirmed phishing samples. The layers are:

Accuracy

On our internal test set of Indian phishing samples the model reaches 96.75% accuracy. Accuracy on Western brands is comparable because the underlying features (domain age, SSL grade, brand distance) generalise well. No detection system is perfect — we recommend treating any "Suspicious" or worse verdict as a hard stop.

55+
Safety checks
96.75%
Accuracy (IN samples)
157+
Brand targets
🇮🇳
Built in India

Our principles

Privacy first

We don't sell scan data. We don't share it with advertisers or data brokers. Guest scans aren't tied to any account. Registered accounts exist only so you can see your own history and get an API key. Scan results are cached briefly for performance, and that's it.

Free forever for individuals

The core scanner and awareness content will always be free. Paid tiers only exist for developers and businesses that need higher API rate limits and webhook delivery. If you're a citizen trying to protect a family member from a UPI scam, PhishGuard costs nothing and always will.

Transparent scoring

Every scan report shows exactly which signals fired and why — the WHOIS age, the SSL grade, the brand distance, the ML score, the redirect chain. No black-box "trust us" verdicts. If you disagree with a result you can see exactly what the model saw.

If you already clicked a phishing link

If you entered credentials, shared an OTP, or made a payment, act fast: call India's cybercrime helpline 1930 immediately (24×7). File a complaint at cybercrime.gov.in. Acting within the first hour maximises the chance of recovery. Change the password of any account whose credentials were entered, from a device you trust. Do not click any follow-up "verify" links — call your bank's official helpline directly instead.

Explore the toolkit

Get in touch

Bug reports, brand-impersonation false positives, partnership requests, and feature ideas are all welcome. Reach us at hello@phishguard.co.in, or via the feedback form on the home page.