A method to block overlay phishing attempt is described. In one embodiment, the method includes detecting a first application displaying a page of the first application on a display of a computing device, detecting a second application displaying a page of the second application on the display of the computing device, upon detecting the second application displaying the page of the second application, comparing a schematic representation of the page of the first application to a schematic representation of the page of the second application, and determining whether an overlay phishing attempt occurs based at least in part on the comparing.