Wait, 2FA can be phished?!

PhishAR is the only second factor authentication (2FA) application based on one-time passwords (OTP) that prevents phishing attacks with a seamless analysis of user's computer screen.


Convenient two-factor authentication resistant to phishing attacks

If you care about your digital security, you most likely have 2FA already turned on for most important services. That's great.

However, you might not be aware that existing 2FA apps still leave you completely vulnerable to latest credential phishing attacks. Click here or here to learn more.

Core Technologies

ML-based Phishing Detection

Machine Learning enables PhishAR to understand what is being shown on user's screen and to semantically analyze the content of the camera feed to detect phishing attempts.

Computer Vision

Optical Character Recognition and Screen detection technologies are what make the application able to localize and recognize both textual and graphical screen content.

Augmented Reality Interactions

Providing the feedback in AR, directly on the screen where the web content is displayed, helps users recognize security threats in context where they originally occur.

Watch Demo Video

See how PhishAR keeps you safe from credential phishing.

How PhishAR works

You just have to scan your browser's address bar with PhishAR and it will automatically detect the URL. In case you are visiting an authentic website, it will present you with the corresponding 2FA code.

That's pretty handy, but what makes PhishAR especially powerful is the fact that it will warn you when you visit a phishing website, thus protecting you from potentially disclosing confidential data to a malicious third party.

Scan the address bar
Authentic website
Phishing attempt

Online Dashboard

Important information in one place and in a timely manner

Online dashboard provides an overview of potential phishing security threats across whole organizations, at a glance. The real-time information allows you to promptly act upon phishing attacks and defend against them.

Even in the worst-case scenario, when some of the users' accounts have been compromised, you have the ability to quickly revoke their credentials and prevent any further security damage to your organization.

The Team

We are a team of computer science academics and researchers from the University of Oxford with years of experience working in the intersection of systems security, augmented reality and computer vision.


Prof. Ivan Martinovic


Dr. Ivo Sluganovic


Klaudia Krawiecka

Coming soon

PhishAR E-mail


Information about e-mail security threats displayed immediately and in context

Another product based on the technology described above, PhishAR E-mail is capable of real-time detection and analysis of digital screens through its camera feed. By overlaying information on the screen in the AR world, the application helps users navigate the user interface of their e-mail client and gives feedback about potential phishing threats in the e-mail. This immersive and interactive experience is highly educational, drives user engagement, and leads to behavior change, teaching you how to intuitively detect phishing.

Play Demo Video

PhishAR E-mail showcase.