Google Safe Browsing missed 84% of phishing sites discovered in February, according to new data from Huginn, an active phishing discovery tool. Over the month, Huginn processed URLs from public threat intelligence feeds and identified 254 confirmed phishing websites. When checked against Google Safe Browsing at the time of discovery, the tool flagged only 41 sites, leaving 83.9% undetected.

This high miss rate reveals a fundamental limitation of blocklist-based detection: it's reactive. Phishing pages are often short-lived by design, with attackers setting up pages, launching campaigns, harvesting credentials, and taking them down before detection occurs. By the time blocklists catch up, the damage is already done. The data also showed that 149 of the 254 phishing sites were hosted on legitimate platforms like Weebly, Vercel, and GitHub, making them impossible to block at the domain level.

In contrast, Muninn's deep scan caught every single phishing site with zero false negatives, though it flagged all legitimate sites as suspicious. The tool's automatic scan, which runs without user interaction, correctly identified 238 of 254 phishing sites. The findings highlight how sophisticated phishing has become, with attackers using techniques like two-stage credential harvesting and hosting malicious content on trusted infrastructure to evade traditional detection methods.