Abstract: The technology described herein identifies and mitigates phishing attempts by analyzing user input received at the operating system level. Initially, a credential, such as a username or password, is registered with the threat detection system. The technology described herein intercepts user input at the operating system level, generates a hash of the input, and compares it with a hash of a credential being monitored. A credential entry is detected when a hash for the character string entered matches a hash for a credential being monitored. The technology described herein will perform a threat assessment when a secret entry is detected. The threat assessment may use the application context and the network context as inputs to the assessment. Various mitigation actions may be taken when a threat is detected.

Abstract: Embodiments of the technology described herein identify and mitigate phishing attempts by analyzing user input received at the operating system level. Initially, a credential, such as a username or password, is registered with the threat detection system. The technology described herein intercepts user input at the operating system level, generates a hash of the input, and compares it with a hash of a credential being monitored. The technology described herein will perform a threat assessment when a secret entry is detected. The threat assessment may use the application context and the network context as inputs to the assessment. When the threat assessment results in an unknown classification or when the snapshot is otherwise requested, a snapshot is captured to supplement the threat assessment. Based on user settings, the snapshot is consumed by a snapshot phishing machine learning model. Various mitigation actions may be taken when a threat is detected.

Abstract: The technology described herein identifies and mitigates phishing attempts by analyzing user input received at the operating system level. Initially, a credential, such as a username or password, is registered with the threat detection system. The technology described herein intercepts user input at the operating system level, generates a hash of the input, and compares it with a hash of a credential being monitored. A credential entry is detected when a hash for the character string entered matches a hash for a credential being monitored. The technology described herein will perform a threat assessment when a secret entry is detected. The threat assessment may use the application context and the network context as inputs to the assessment. Various mitigation actions may be taken when a threat is detected.