(Zero) Trust Decision Assistant Concept/Demo

The ASD's Annual Cyber Threat Report 2024-2025 listed Phishing in the top 3 most common activity types leading to critical infrastructure-related incidents.

Phishing, a type of social engineering, was recorded as an initial access technique in 38% of the incidents reported to ASD’s ACSC in FY2024–25. Phishing, Compromise Accounts, and Gather Victim Identity Information were the top 3 observed techniques across government and non-government incident reports.

The Average self-reported cost of cybercrime per report for 2024-2025:

-Individuals, up 8% ($33,000)

-Businesses, up 50% overall ($80,850)

-Small business: $56,600 (up 14%)

-Medium business: $97,200 (up 55%)

-Large business: $202,700 (up 219%)

While most organisations do have anti-phishing controls, those controls mostly reduce volume, they don’t eliminate the core failure:

A human still has to decide whether to trust what’s in front of them.

We aim to make hidden identity deception clearly visible and give users a fast verification path at the exact moment it matters.

This isn’t an anti-phishing filter. It’s a human verification aide. For the 1–5% of messages that slip through, this aims to help to prevent costly mistakes.

We aim to build this into a trust decision assistant that reduces the potential for human error in trust decisions by making hidden/malicious identity cues clearly visible and checkable at the point of action, whilst advocating a zero trust mindset in all scenarios.

Giving the human layer of cyber defence the best chance at successful detection.

Proof of concept/demo features

Copy an email address and the app displays:

-The original email address

-A spaced, lower-case monospace view to make look-alike characters easier to spot (e.g. I/l, rn/m, vv/w)

-A Punycode view to surface internationalised characters (IDN) and homoglyphs

-A red warning when non-ASCII characters are detected

Tip: Enable “Auto-detect from clipboard” (recommended for best user experience). When you copy text (for example a sender), Phish Inspect will attempt to extract any email addresses and add them to the list for inspection.

Planned features:

-Gmail and Outlook as native platforms

-Teams/Slack/browser extension/Iphone/android/macOS versions/integration

-Instead of copying as the trigger, automatic address check for selected email with optional domain checks/sidepane UI "just there" presence

-Auto-detect and inspect all addresses present in an email

-Detect and Display all actual link/button URLs

-Optional/automated Email spoof checking (DKIM and SPF key)

-Quishing Check (qr code detection and actual URL display)

-Expansion of malicious signal checks

-Refer users to confirmation of payee services (for bank account number payee name check)

-Punycode conversion reversed, EG If the address is normalised in the email service as "xn--80ak6aa92e" we will show it as intending to be "аррӏе" highlighting the suspicious/malicious intent

-User guidance for non technical users

-Report generation mechanism

**This program should be compatible with windows 10/11 however it has only been tested on windows 11

Note: A legitimate-looking address does not guarantee a legitimate email. Accounts can be compromised and insiders can misuse access. Treat suspicious activity, unexpected links, attachments, and payment requests with caution and verify via a trusted method.

Microsoft and Outlook are trademarks of the Microsoft group of companies. This application is not affiliated with, endorsed by, or sponsored by Microsoft.