Why we built PhishGuard
India loses billions of rupees every year to online fraud. UPI payment scams, fake KYC pages for Aadhaar and PAN, "bank account frozen" SMS attacks, counterfeit IRCTC refund pages, fake job-offer links on WhatsApp — the volume and the velocity of Indian phishing keeps rising, and most of it lands in messaging apps rather than email. Yet most URL-safety tools available in 2024 were trained on Western brands and datasets, and missed local patterns entirely. A tool that has never seen SBI, HDFC, ICICI, Paytm, PhonePe, IRCTC, or UIDAI simply cannot spot when a domain is impersonating them.
We started PhishGuard to close that gap. Every check — from typosquat detection and homograph analysis to brand-impersonation matching — is tuned first for the sites Indians actually use, and then extended to the global brands (Amazon, Google, Microsoft, PayPal, and dozens more) that scammers target US and international users with. Because the same model works on any URL, PhishGuard is equally useful in the US, the UK, and everywhere else — but it will always be an India-first product.
The team
Kuldeep Tiwari
Co-founder · Backend, ML pipeline, threat intelligence
Aman Tiwari
Co-founder · Frontend, product, UX
Kuldeep leads the detection engine — the feature extractor, the XGBoost model, the WHOIS and SSL enrichment pipelines, and the ongoing threat-intelligence work that keeps the brand-impersonation lists current. Aman leads the product surface: every tool page, the scanner UX, the awareness content, and the accessibility work. Reach either of us at hello@phishguard.co.in.
What PhishGuard actually does
Every URL you submit is run through a nine-layer analysis that combines 55+ heuristic rules with a machine-learning model trained on hundreds of thousands of confirmed phishing samples. The layers are:
- Domain intelligence. WHOIS creation date (newly registered domains are heavily weighted), registrar reputation, TLD risk score, DNS record consistency, and nameserver history.
- SSL/TLS analysis. Certificate validity, issuer trust, self-signed detection, expiry proximity, and protocol version. A brand-new certificate on a lookalike domain is a strong phishing signal.
- Brand impersonation. Levenshtein distance and homograph checks against a curated list of 157+ targets — Indian banks (SBI, HDFC, ICICI, Axis, Kotak), payment apps (Paytm, PhonePe, Google Pay), e-commerce (Flipkart, Amazon India, Meesho), travel (IRCTC, MakeMyTrip), and government portals (UIDAI, Income Tax, GST, EPFO, DigiLocker, UMANG, Passport Seva), plus global brands used to target international users.
- URL heuristics. IP-based URLs, punycode/homograph attacks, suspicious keywords, shortener chains, URL length, subdomain depth, special-character ratio, path depth, entropy score.
- Content signals. Hidden forms, credential-harvesting patterns, redirect abuse, cloaking indicators.
- Machine-learning score. An XGBoost model takes 55+ engineered features from the layers above and produces a 0–100 risk score calibrated against real-world Indian phishing datasets.
Accuracy
On our internal test set of Indian phishing samples the model reaches 96.75% accuracy. Accuracy on Western brands is comparable because the underlying features (domain age, SSL grade, brand distance) generalise well. No detection system is perfect — we recommend treating any "Suspicious" or worse verdict as a hard stop.
Our principles
Privacy first
We don't sell scan data. We don't share it with advertisers or data brokers. Guest scans aren't tied to any account. Registered accounts exist only so you can see your own history and get an API key. Scan results are cached briefly for performance, and that's it.
Free forever for individuals
The core scanner and awareness content will always be free. Paid tiers only exist for developers and businesses that need higher API rate limits and webhook delivery. If you're a citizen trying to protect a family member from a UPI scam, PhishGuard costs nothing and always will.
Transparent scoring
Every scan report shows exactly which signals fired and why — the WHOIS age, the SSL grade, the brand distance, the ML score, the redirect chain. No black-box "trust us" verdicts. If you disagree with a result you can see exactly what the model saw.
If you already clicked a phishing link
If you entered credentials, shared an OTP, or made a payment, act fast: call India's cybercrime helpline 1930 immediately (24×7). File a complaint at cybercrime.gov.in. Acting within the first hour maximises the chance of recovery. Change the password of any account whose credentials were entered, from a device you trust. Do not click any follow-up "verify" links — call your bank's official helpline directly instead.
Explore the toolkit
Get in touch
Bug reports, brand-impersonation false positives, partnership requests, and feature ideas are all welcome. Reach us at hello@phishguard.co.in, or via the feedback form on the home page.