Content deleted Content added
Chocolateboy (talk | contribs) de-spam links |
No edit summary |
||
| (290 intermediate revisions by more than 100 users not shown) | |||
Line 1:
{{Primary sources|date=August 2024}}
'''Anti-phishing software''' consists of [[computer program]]s that attempt to identify [[phishing]] content contained in [[website]]s, [[e-mail]], or other forms used to accessing data (usually from the [[internet]])<ref>{{Cite journal|last1=Chanti|first1=S.|last2=Chithralekha|first2=T.|date=2020-01-01|title=Classification of Anti-phishing Solutions|journal=SN Computer Science|language=en|volume=1|issue=1|pages=11|doi=10.1007/s42979-019-0011-2|issn=2662-995X|doi-access=free}}</ref> and block the content, usually with a warning to the user (and often an option to view the content regardless). It is often integrated with [[web browser]]s and [[email client]]s as a toolbar that displays the real [[___domain name]] for the website the viewer is visiting, in an attempt to prevent [[Internet fraud|fraudulent websites]] from masquerading as other legitimate websites.
Most popular [[web browser]]s comes with built-in anti-phishing and [[anti-malware]] protection services, but almost none of the alternate web browsers have such protections.<ref name="fraudprotectionbrowsers">{{cite web|last1=Aleksandersen|first1=Daniel|title=Most of the alternate web browsers don't have fraud and malware protection|url=https://www.slightfuture.com/security/fraud-protection-alternate-browsers|website=Slight Future|date=16 August 2016|accessdate=25 August 2016}}</ref>
[[Password manager]]s can also be used to help defend against phishing, as can some [[mutual authentication]] techniques.
== Types of anti-phishing software ==
=== Email security ===
According to [[Gartner]], "email security refers collectively to the prediction, prevention, detection and response framework used to provide attack protection and access protection for email." Email security solution may be : Email security spans gateways, email systems, user behavior, content security, and various supporting processes, services and adjacent security architecture.<ref>{{Cite web |last=Gartner Inc. |title=Best Email Security Reviews 2023 {{!}} Gartner Peer Insights |url=https://www.gartner.com/market/email-security |access-date=2023-07-18 |website=Gartner}}</ref>
=== Security awareness computer-based training ===
According to Gartner, security awareness training includes one or more of the following capabilities: Ready-to-use training and educational content, Employee testing and knowledge checks, Availability in multiple languages, Phishing and other social engineering attack simulations, Platform and awareness analytics to help measure the efficacy of the awareness program.<ref>{{Cite web |last=Gartner Inc. |title=Best Security Awareness Training Software Reviews 2023 {{!}} Gartner Peer Insights |url=https://www.gartner.com/market/security-awareness-computer-based-training |access-date=2023-07-18 |website=Gartner}}</ref>
== Client-based anti-phishing programs ==
* [[Avast Software|avast!]]
* [[Avira security software|Avira Premium Security Suite]]
* [[Earthlink]] ScamBlocker (discontinued)<ref>{{cite web|title=EarthLink ScamBlocker|url=https://www.earthlink.net/scamblocker|website=EarthLink|date=2006-09-01}}</ref>
* [[eBay]] Toolbar <ref>{{cite web|title=eBay Toolbar|url=https://www.ebay.com/help/account/account-security/ebay-toolbar|website=eBay|date=2007-03-15}}</ref>
* [[Egress Software|Egress]] Defend<ref>[https://www.egress.com/products/email-security/defend Egress Defend]</ref>
* [[ESET Smart Security]]
* [[G Data Software]] G DATA Antivirus
* [[GeoTrust]] TrustWatch p<ref>{{cite web|title=GeoTrust TrustWatch|url=https://www.geotrust.com/products/trustwatch/|website=GeoTrust|date=2010-11-02}}</ref>
* [[Google Safe Browsing]] (used in [[Firefox|Mozilla Firefox]], [[Google Chrome]], [[Opera (web browser)|Opera]], [[Safari (web browser)|Safari]], and [[Vivaldi (web browser)|Vivaldi]])
* [[Kaspersky Internet Security]] (discontinued) <ref>{{cite web|title=Kaspersky Internet Security|url=https://www.kaspersky.com/internet-security|website=Kaspersky|date=2021-01-15}}</ref>
* [[Kaspersky Anti-Virus]] (discontinued) <ref>{{cite web|title=Kaspersky Anti-Virus|url=https://www.kaspersky.com/antivirus|website=Kaspersky|date=2021-01-15}}</ref>
* [[McAfee]] [[SiteAdvisor]]<ref>{{cite web|title=McAfee SiteAdvisor|url=https://www.mcafee.com/en-us/antivirus/mcafee-siteadvisor.html|website=McAfee|date=2022-05-20}}</ref>
* [[Microsoft SmartScreen]] (used in [[Microsoft Edge (series of web browsers)|Microsoft Edge]], [[Internet Explorer]], and [[Microsoft Outlook]])
* [[Mozilla Thunderbird]]
* [[Netcraft]] Toolbar
* [[Netscape]]
* [[Norton 360]]
* [[Norton Internet Security]]
* [[PhishTank]] SiteChecker
* [[Quick Heal]]
* [[Windows Mail]] - default [[Windows Vista]] e-mail client
* [[WOT: Web of Trust|WOT (Web Of Trust)]] - browser extension
* [[ZoneAlarm]]
== Service-based anti-phishing ==
* [[Google Safe Browsing]]
* [[OpenDNS]]
* [[PhishTank]]
== Anti-phishing effectiveness ==
An independent study <ref name="cylab">{{cite web | url = http://www.cylab.cmu.edu/files/pdfs/tech_reports/cmucylab06018.pdf | title = Phinding Phish: An Evaluation of Anti-Phishing Toolbars | accessdate = 2008-05-25 | archive-url = https://web.archive.org/web/20100610061901/http://www.cylab.cmu.edu/files/pdfs/tech_reports/cmucylab06018.pdf | archive-date = 2010-06-10 | url-status = dead }}</ref> conducted by [[Carnegie Mellon University]] [[CyLab]] titled "Phinding Phish: An Evaluation of Anti-Phishing Toolbars" and released November 13, 2006 tested the ability of ten anti-phishing solutions to block or warn about known phishing sites and not block or warn about legitimate sites (not exhibit [[False positives and false negatives#False positive error|false-positives]]), as well as the [[usability]] of each solution. Of the solutions tested, [[Netcraft]] Toolbar, [[EarthLink]] ScamBlocker and SpoofGuard were able to correctly identify over 75% of the sites tested, with Netcraft Toolbar receiving the highest score without incorrectly identifying legitimate sites as phishing. Severe problems were, however, discovered using SpoofGuard, and it incorrectly identified 38% of the tested legitimate sites as phishing, leading to the conclusion that "such inaccuracies might nullify the benefits SpoofGuard offers in identifying phishing sites." [[Google]] Safe Browsing (which has since been built into [[Firefox]]) and [[Internet Explorer 7|Internet Explorer]] both performed well, but when testing the ability to detect fresh phishes [[Netcraft]] Toolbar scored as high as 96%, while Google Safe Browsing scored as low as 0%. The testing was performed using phishing data obtained from [[Anti-Phishing Working Group]], [[PhishTank]], and an unnamed [[email filtering]] vendor.{{Citation needed|date=August 2021}}
Another study,<ref name="firefoxtesting">{{cite web | url = https://www.mozilla.org/security/phishing-test.html | title = Firefox 2 Phishing Protection Effectiveness Testing| accessdate = 2008-05-25 }}</ref> conducted by [[SmartWare]] for [[Mozilla]] and released November 14, 2006, concluded that the anti-phishing filter in [[Firefox]] was more effective than [[Internet Explorer 7|Internet Explorer]] by over 10%. The results of this study have been questioned by critics,<ref name="asadotzlerblog1">{{cite web|url=http://weblogs.mozillazine.org/asa/archives/2008/02/safari_unsafe_p.html#comment-2528657 |title=Comment to Asa Dotzler blog post "safari unsafe? paypal thinks so." |accessdate=2008-05-25 |archiveurl=https://web.archive.org/web/20080505063110/http://weblogs.mozillazine.org/asa/archives/2008/02/safari_unsafe_p.html |archivedate=5 May 2008 |url-status=dead }}</ref> noting that the testing data was sourced from PhishTank, which itself is an anti-phishing provider. The study only compared [[Internet Explorer 7|Internet Explorer]] and Firefox, leaving out (among others) Netcraft Toolbar and the [[Opera (web browser)|Opera]] browser, both of which use data from PhishTank in their anti-phishing solutions. This has led to speculations that, with the limited testing data, both [[Opera (web browser)|Opera]] and Netcraft Toolbar would have got a perfect score had they been part of the study.<ref name="asadotzlerblog2">{{cite web|url=http://weblogs.mozillazine.org/asa/archives/2008/02/safari_unsafe_p.html#comment-2528717 |title=Comment to Asa Dotzler blog post "safari unsafe? paypal thinks so." |accessdate=2008-05-25 |archiveurl=https://web.archive.org/web/20080505063110/http://weblogs.mozillazine.org/asa/archives/2008/02/safari_unsafe_p.html |archivedate=5 May 2008 |url-status=dead }}</ref>
While these two reports were released only one day apart, Asa Dotzler, Director of Community Development at [[Mozilla]], has responded to the criticism of the Mozilla-commissioned report by saying, "so you're agreeing that the most recent legitimate data puts Firefox ahead. Good enough for me."<ref name=asadotzlerblog3>{{ cite web|url=http://weblogs.mozillazine.org/asa/archives/2008/02/safari_unsafe_p.html#comment-2528666 |title=Comment to Asa Dotzler blog post "safari unsafe? paypal thinks so." |accessdate=2008-05-25 |archiveurl=https://web.archive.org/web/20080505063110/http://weblogs.mozillazine.org/asa/archives/2008/02/safari_unsafe_p.html |archivedate=5 May 2008 |url-status=dead }}</ref>
Since these studies were conducted, both [[Microsoft]] and [[Opera Software]] have started licensing [[Netcraft]]'s anti-phishing data, bringing the effectiveness of their browser's built-in anti-phishing on par with [[Netcraft]] Toolbar.{{Citation needed|date=August 2021}}<ref>{{Cite web |last=Khan |first=Khalid |date=March 21, 2024 |title=Comparison of Anti Phishing Tools |url=https://kth.diva-portal.org/smash/get/diva2:1856752/FULLTEXT01.pdf |access-date=August 11, 2024 |website=kth.diva-portal.org}}</ref>
==See also==
*[[Mutual authentication]]
*[[Two-factor authentication]] - note: almost all two-factor techniques are also susceptible to phishing.<ref>{{cite journal|last1=Schneier|first1=Bruce|title=Kingdom Authentication|journal=CSO Magazine|volume=Feb 2006|page=52}}</ref><ref>{{Cite web |last=Team |first=PhishDestroy |title=Phishing removal |url=https://phishdestroy.io/ |archive-url=https://web.archive.org/web/20250826174042/https://phishdestroy.io/ |archive-date=26 Aug 2025 |access-date=2025-08-29 |website=phishdestroy.io |language=en}}</ref>
==
{{reflist}}
{{DEFAULTSORT:Anti-Phishing Software}}
[[Category:Computer security software]]
[[Category:Fraud]]
| |||