How I Built a Machine Learning Model to Detect Phishing Attacks | by Aj | Aug, 2025

Press enter or click on to view picture in full measurement

The Slack message froze my blood: “Hey, are you able to approve this bill? Pressing!” My teammate Sarah had clicked a hyperlink mimicking our CFO’s signature. As our SOC workforce raced to comprise the breach, I stared on the malicious URL: https://payroll-company-invoices[.]com/login?redirect=azureonline[.]phish. That evening, I swore I’d construct one thing higher than reactive alerts.

Three months later, my customized phishing detector intercepted 12,000+ assaults earlier than they reached workers. Right here’s how I constructed it and how one can too.

Current options missed Sarah’s assault as a result of:

1. Signature-based instruments couldn’t catch zero-day domains
2. Heuristic filters flagged apparent typos (g00gle.com) however missed homographs (mícrosoft.com)
3. Worker coaching failed beneath urgency (that “Pressing!” topic line)

The perception? We wanted AI that understood:

• Linguistic manipulation patterns
• Behavioral context
• Infrastructure fingerprints