What our eyes can’t see, the brain fills in — one of the reasons we fall for phishing URLs

Paul Walsh
4 min readFeb 28, 2019


Researchers from the University of Glasgow have shown that when parts of our vision are blocked, the brain steps in to fill in the blanks.

The team from the Institute of Neuroscience and Psychology conducted a series of experiments that showed how our brains predict what cannot be seen by drawing on our previous experiences to build up an accurate picture.

The results show that our brains do not rely solely on what is shown to the eyes in order to ‘see’. Instead the brain constructs a complex prediction.

Dr Lars Muckli, from the University’s Institute of Neuroscience and Psychology said:

We are continuously anticipating what we will see, hear or feel next. If parts of an image are obstructed we still have precise expectation of what the whole object will look like.

When direct input from the eye is obstructed, the brain still predicts what is likely to be present behind the object by using some of the other inputs to come up with best ‘guesses’.

This is exactly what happens to people when looking at URLs.

Look closely at those domains again. One is real and the other is a phishing scam waiting to steal from you.

How one victim lost $7M

A new member of our community reported this phishing scam inside our Telegram group today, but not before it was too late — they lost their money (cryptocurrency). They also informed me that other victims lost their money — the single biggest loss was 2 MILLION EOS, or $7 MILLION USD — so far!

At the time of writing this post, the phishing site is still live and not blocked by Google Safe Browser, or any other security system, as far as we can tell.

I’ve taken screen shots of the phishing site, and of the legit site. As you and see below, the scam is an amazing counterfeit. By the way, have you spotted the difference between the domains yet? They both use a padlock — so can you trust them both?

Don’t rely on the padlock

According to a PhishLabs report, over half of all phishing sites have a padlock. Our data suggests that the number is higher — closer to 70%. As you can see from the websites above, they both have a padlock. Most people just look at the lock and assume they’re safe. What they don’t realize is that a lock only indicates that the site uses encryption.

A better way to verify website identity

This is where MetaCert comes in. We’re building a new and better way to display website identity inside the browser. We believe this is the best way to combat phishing and spear phishing. Our software does block known phishing sites, but that’s like playing whack-a-mole. 🤯 🔨

Most people think of email when they think about dangerous links. But the challenge is much bigger.

  • We live in a world where everything is shared or opened with a link; websites, bots, files, videos, tweets, Facebook posts…
  • And, organizations are changing how they collaborate — we now open and share links everywhere, everyday; by email, Slack, Skype, Dropbox…

How MetaCert is addressing the problem

Whether links are shared or opened inside a cloud service, email, Skype, Facebook, Slack or any other channel, you are fully protected by MetaCert. In fact, it’s virtually impossible to fall for a phishing scam when using our software. This is especially true for business and enterprise customers who give us their whitelisted domains to verify.

As you can see from the example above, all of our customers were automatically protected from this new phishing scam. They knew to avoid anything that doesn’t have the Green Shield. They know that if a URL is displaying the Black Shield, it’s possibly a new threat.

👉 MetaCert supports Chrome, Firefox, Opera and Brave. And you can use it for free for 30 days. Get protected.



Paul Walsh

MetaCert CEO. Passionate about Cybersecurity, Blockchain, Crypto, Snowboarding & Red Wine. Part of the AOL team that launched AIM. Co-founded 2 W3C Standards.