91% of cyberattacks
start with an email.
Gmail filters spam.
But well-crafted phishing emails get through.
Fake OVH invoice. Fake PayPal renewal. Fake message from your bank.
Everything looks real - except the 7 signals that PhishGuard detects in seconds.
Every email hides
invisible signals.
PhishGuard analyzes them in parallel - in seconds.
Sender identity
SPF · DKIM · DMARCDoes the email really come from who it claims to be? An email without valid authentication is the #1 signal of phishing. PhishGuard checks it before you even open it.
Domain age
A domain created 48 hours ago sending you an "urgent invoice"? PhishGuard detects it. Real senders have old domains.
Psychological manipulation
"Your account will be suspended in 24h." "Action required immediately." PhishGuard analyzes the language to detect artificial urgency and pressure techniques.
Hidden links
Shortened links hide their real destination. PhishGuard resolves and checks them on VirusTotal - before you click.
3 URLs checked in 0.4s - 1 flagged as malicious.
Impostor domains
paypa1.com is not paypal.com. amaz0n-security.com is not amazon.com. PhishGuard spots domains that imitate real ones by one letter.
Attachments
That "invoice" PDF might contain malware. PhishGuard checks the fingerprint of each attachment on VirusTotal before you even download it.
Tracking pixels
informationalInvisible 1x1 pixel images confirm that your address is active - and that you read your emails. PhishGuard detects them and alerts you - so you know who's watching you.
A real email.
Analyzed in seconds.
This email imitated a domain renewal notification. The subject was credible. The design was clean. Nothing seemed suspicious to the naked eye.
SPF/DKIM/DMARC invalid, suspicious Reply-To.
Artificial urgency + suspicious call to action.
Redirect chain + login page detected.
Domain created 15 days ago, Safe Browsing clean.
No suspicious character.
Unauthenticated sender + young domain + manipulative content.
No attachment.
No tracking pixel.
This is not a mockup. It's a real email analyzed during the development of PhishGuard.
Without PhishGuard, this email looked like a legitimate email.
With PhishGuard, the 3 warning signals were visible in seconds.
30 seconds to protect your inbox.
Install the extension
Click. Install. Done. No credit card. No configuration.
Open an email in Gmail
PhishGuard only triggers when you decide. No automatic scan. You stay in control.
Click "Analyze"
All 7 signals are checked in parallel. Result in seconds.
Read the verdict
Each signal is detailed so you understand why.
We don't read your emails.
Here's exactly what we do.
When you run an analysis, PhishGuard sends to our server:
What we send
- The sender's domain (not the full address)
- Technical headers (SPF, DKIM, DMARC)
- The body text (to detect manipulation)
- URLs found in the email
- Attachment fingerprints (the hash, not the file)
What we never do
- Read your emails without your explicit action
- Share anything with third parties
Your email content is deleted from our servers as soon as the analysis is complete. Only the score and signals are kept - never the content.
GDPR compliant · No personal data retained
A security developer,
based in Paris.
PhishGuard is developed by Hadi Mouter, full-stack developer specialized in application security.
Not a funded startup. Not a corporate product. A tool built by someone who needed it themselves - and made it accessible to everyone.
Start for free.
Go Pro when you need it.
Free
- 10 analyses per day
- All 7 signals included
- No credit card required
Enough for daily personal use.
Start for freePro
- 100 analyses per day
- Email support
For freelancers and independents who receive a lot of emails.
Go ProTeam
- Unlimited analyses
- Priority support
- Team management, dashboard and reportingcoming soon
For small businesses and small teams on Gmail.
Contact the teamFree · No credit card
Frequently asked questions
The next phishing email might be
already in your inbox.
Install PhishGuard in 30 seconds.
Free. No credit card. No commitment.