alt Hacker NewsMetaMask (the crypto wallet) has one that shows warning pages to all domains that are remotely similar to crypto-related domains, and it is very prone to false positives and annoying. They have to maintain a list to skip the detection for real domains, and it's really inefficient.
Feels like this kind of detection is hard to balance, and calling legit websites possible phishing might be problematic...
Seems like the kind of problem LLMs would be perfect for. ChatGPT does a great job at giving a score of whether domains are attempting to appear legitimate, but of course no one wants their browsing history being sent off to OpenAI. Unfortunately from my testing local 4B-7B LLMs aren't up to the task.