Is this phishing?
Paste any email, text, or DM. PhishBlockAI returns a verdict, a threat score, and the specific red flags it found.
How it works
Three steps.
Paste a message or connect Gmail. We do the rest.
Paste or connect
Drop a suspicious message into the scanner, or link Gmail in one click.
We analyze it
The model checks sender authenticity, urgency tactics, link reputation, and language patterns.
Get a verdict
A threat score, the red flags we found, and a clear next step.
Product
What you get.
- 01
On-demand analysis
Paste anything — email, SMS, DM. Get a verdict with the red flags.
- 02
Gmail inbox scanning
Read-only OAuth. Risky threads surface as they arrive. Your mail is never stored.
- 03
PhishGuard assistant
Ask follow-ups: draft a cautious reply, check a domain, explain a tactic.
- 04
Org-wide protection
Invite teammates, share verdicts, and centralize phishing reports.
- 05
Detection API
Embed PhishBlockAI in your help-desk or internal tools with a single REST call.
Detection
What we look for.
The model is trained on millions of phishing samples and current attack patterns. These are the tactics it surfaces — and why each one matters.
Urgency pressure
"Verify within 24 hours." "Your account will be closed." Manufactured deadlines designed to short-circuit thinking.
Spoofed display names
A friendly "Chase Support" label hiding no-reply@chase-secure-verify.com. We compare the visible name against the actual sender.
Lookalike domains
paypa1.com instead of paypal.com. micros0ft.net. Homoglyphs, subdomain tricks, and TLD swaps the human eye misses.
Authority impersonation
Fake IT requests for passwords. CEO emails asking for gift cards. Bank notifications that don't match how your bank communicates.
Credential harvesting
Any message asking you to "confirm your password," "re-verify your identity," or "log in to keep access." Real services never do this.
Mismatched URLs
Text says "amazon.com" but the underlying link points to amazon-acct-help.tk. We parse the actual href, not just what you see.
Off-platform redirects
"Reply to my personal Gmail instead." Attackers move conversations off monitored systems before asking for money or credentials.
Payment & wire fraud
Gift card requests, last-minute wire instructions, "updated" vendor bank details. Common BEC patterns scored aggressively.
Dashboard
Every verdict, in one place.
Whether you're reviewing employee reports, validating a job offer, or checking a scholarship email — every workflow lands on the same clear verdict.
- Color-coded risk indicators
- Threat score with reasoning
- Saved scan history
Action required: unusual sign-in attempt
"PayPal Security" <no-reply@paypa1-help.com>
Remote position, $9,500/mo — interview today
recruiter@hire-remote-jobs.io
[PhishBlockAI] CI run completed
noreply@github.com
Mandatory password reset by EOD
it-help@company-support-portal.net
Built for
The people in the blast radius.
Phishing isn't an abstract risk. These are the moments where one wrong click ends a day, a job, or a quarter.
- 01
IT & security teams
Triage the user-reported phishing folder in minutes, not hours. Every employee report comes back with a verdict, a score, and the tactics involved.
- 02
Finance & operations
Catch invoice fraud, vendor impersonation, and CEO gift-card scams before the wire goes out. Built specifically against BEC patterns.
- 03
Hiring managers & recruiters
That cold recruiter pitch with the suspicious "$9,500/mo, interview today" subject line? Paste it, get a verdict before you respond.
- 04
Founders & freelancers
No IT department. No security team. Just you and a Stripe-shaped invoice that may or may not be real. Verify in five seconds.
- 05
Students & jobseekers
Scholarship scams, fake internships, "your application has been accepted, click to verify." Common targets, real consequences.
Pricing
Start free.
Every plan ships with the same detection engine.
Pro
For freelancers and power users.
- Unlimited scans
- Gmail inbox monitoring
- PhishGuard AI assistant
- Scan history
- Priority email support
Team
For 10+ seats.
- Everything in Pro
- SAML SSO
- Slack notifications
- Dedicated success manager
FAQ
Common questions.
Does PhishBlockAI read my emails?+
Only when you explicitly link Gmail. We use read-only OAuth, analyze in memory, and store no mail content. You can revoke access at any time.
Can I use it without signing up?+
Yes. The hero scanner on this page is fully functional with a small per-hour limit. Sign up to remove the limit and unlock Gmail.
What languages are supported?+
English, French, German, Spanish, Portuguese, and Japanese.
Is there an API?+
Yes — a single POST endpoint. Pro and Team plans get a key in the dashboard.