To address the lack of generic, real-time defenses against web-based behavioral manipulation attacks—such as scareware, fake download prompts, and tech-support scams—this paper proposes the first end-to-end, in-browser, lightweight defense framework. The framework leverages pixel-level visual page analysis coupled with an efficient machine learning classifier, implemented as a cross-platform (desktop and mobile) browser extension for real-time detection and blocking—without uploading any user data, thereby preserving privacy. Its core innovation lies in enabling the complete defense pipeline—from visual perception to decision-driven interception—entirely on the client side. It demonstrates strong generalization: achieving >97% detection accuracy on previously unseen attack samples observed months after model training, >99% precision at 1% false positive rate, low inference latency, and minimal resource overhead—demonstrating practical deployability.

Web-based behavior-manipulation attacks (BMAs) - such as scareware, fake software downloads, tech support scams, etc. - are a class of social engineering (SE) attacks that exploit human decision-making vulnerabilities. These attacks remain under-studied compared to other attacks such as information harvesting attacks (e.g., phishing) or malware infections. Prior technical work has primarily focused on measuring BMAs, offering little in the way of generic defenses. To address this gap, we introduce Pixel Patrol 3D (PP3D), the first end-to-end browser framework for discovering, detecting, and defending against behavior-manipulating SE attacks in real time. PP3D consists of a visual detection model implemented within a browser extension, which deploys the model client-side to protect users across desktop and mobile devices while preserving privacy. Our evaluation shows that PP3D can achieve above 99% detection rate at 1% false positives, while maintaining good latency and overhead performance across devices. Even when faced with new BMA samples collected months after training the detection model, our defense system can still achieve above 97% detection rate at 1% false positives. These results demonstrate that our framework offers a practical, effective, and generalizable defense against a broad and evolving class of web behavior-manipulation attacks.