Abstract: A method and a system for phishing detection include converting unauthenticated web content to a browser image, determining that the browser image has a visual similarity to visual characteristics of a legitimate website, determining that a top-level domain (TLD) of the unauthenticated web content is different from a TLD of the legitimate website, and responsively determining that the unauthenticated web content is a phishing attack.
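A minimal sketch of the two-condition decision the abstract describes, added here as an example and not taken from the patent. The average-hash similarity measure, the distance threshold, the 16x16 grayscale "browser images" and the reserved `.example`/`.test` hostnames are all assumptions or constructed inputs.

```python
from urllib.parse import urlsplit

def average_hash(pixels, size=8):
    """Block-average a grayscale image (at least size x size) and threshold at the mean."""
    h, w = len(pixels), len(pixels[0])
    cells = []
    for by in range(size):
        for bx in range(size):
            ys = range(by * h // size, (by + 1) * h // size)
            xs = range(bx * w // size, (bx + 1) * w // size)
            block = [pixels[y][x] for y in ys for x in xs]
            cells.append(sum(block) / len(block))
    mean = sum(cells) / len(cells)
    return [c > mean for c in cells]

def hamming(a, b):
    """Number of differing hash bits; small means visually similar."""
    return sum(x != y for x, y in zip(a, b))

def tld(url):
    """Last DNS label of the URL's host (assumed reading of 'TLD')."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host.rsplit(".", 1)[-1].lower()

def is_phishing(url, pixels, legit_url, legit_hash, max_distance=6):
    """Flag only when the page looks like the legitimate site AND the TLDs differ."""
    similar = hamming(average_hash(pixels), legit_hash) <= max_distance
    return similar and tld(url) != tld(legit_url)

def make_page(header, body, box):
    """Constructed 16x16 'browser image': header band, body, and a form box."""
    img = [[header if y < 4 else body for _ in range(16)] for y in range(16)]
    for y in range(8, 12):
        for x in range(4, 12):
            img[y][x] = box
    return img

# Constructed reference data for a hypothetical legitimate site.
LEGIT_URL = "https://bank.example/login"
LEGIT_HASH = average_hash(make_page(header=40, body=230, box=120))
CLONE = make_page(header=45, body=228, box=130)      # near-identical rendering
UNRELATED = make_page(header=230, body=40, box=120)  # inverted layout

if __name__ == "__main__":
    for url, img in [("https://bank.test/signin", CLONE),
                     ("https://bank-login.example/", CLONE),
                     ("https://news.test/", UNRELATED)]:
        print(url, is_phishing(url, img, LEGIT_URL, LEGIT_HASH))
```

Read literally, the second condition means a visually similar page served under the same TLD as the legitimate site is not flagged by this rule alone, which is what the `bank-login.example` case shows.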