1. Activate CallingID component that stores and updates a database of URLs
2. Listen to all HTTP and HTTPS communication and when a request to get a URL that its initial part is identical to one of the URLs in the database is detected, before submitting the request send a message to the user that the URL is malicious. The user can agree and in this case the request will not be sent, or disregard.