Should I Click

A MACHINE-LEARNING BASED TOOL TO ANALYZE IF A URL IS SAFE TO CLICK OR NOT, CREATED BY FRANTIŠEK STŘASÁK

“Should I Click” is a new web service that can help you decide if you should click on a suspicious link or not. It uses machine learning systems that were trained with thousands of real attack pages. To use it, you only put the link on the web page of “Should I Click” and it will let you know how safe it is to click on it. Moreover, it will tell you why it is not safe and it will allow you to give feedback. Read the full research on František’s Master Thesis.

This service was born with the aim of protecting the civil society, journalists, activists, and people at risk from targeted attacks.

Scam websites are one of the phishing attacks that Should I Click can help you discover.

Scam websites are one of the phishing attacks that Should I Click can help you discover.

Evil twin websites are a second type of the phishing attacks, heavily used in targeted attacks, that Should I Click can help you identify.

Evil twin websites are a second type of the phishing attacks, heavily used in targeted attacks, that Should I Click can help you identify.

How does Should I Click work?

Once the user inserts the URL to check, the service will automatically download all possible information from the website, will extract features from the downloaded resources, and will run a series of machine learning algorithms to process these features and give a final verdict. The data from the website is accessed directly from Civilsphere servers, and also using the service https://urlscan.io/. The service also runs special virtual machines to analyze in real time if the JavaScript code of the webpage is trying to attack your browser or not. After all the data is processed, features are extracted and the machine learning algorithms give a verdict on the URL.

Why you should use it?

The “Should I Click” service is important because most targeted attacks, spam and phishing campaigns arrive as a URL link to your email and SMS. This is the main attack vector and the most difficult to stop. Therefore “Should I Click” can provide a paramount protection, in real time, for people at risk. Clicking in a suspicious URL can give the attacker complete access to your data and computer.

Interested in the technical details?

The “Should I Click” tool and service is part of the master thesis work of František Střasák, to read more about the technical details, please visit the service website where you can find more details about the tool: https://www.shouldiclick.org/how_does_it_work.html

Feel free to send comments and bug reports to civilsphere@aic.fel.cvut.cz.