Tool | Type | Description | Advantages | Disadvantages |
---|---|---|---|---|
Snort [4] | Network Level | Heuristic/rule engine | Good at detecting level attacks | Rules require manual adjustments. Does not look at content. |
SpamAssassin [9] | Server Side Filter | Heuristic engine that uses email specific features | Good at detecting email header spoofing. | High false positives |
PILFER [10] | Server Side Filter | Utilize 10 features extracted from email to classify | Better performance than SpamAssasin. | Did not use content from body of the email. Susceptible to short lived phish domains. |
SpoofGuard [30] | Client Side Tool | Plug-in to a browser | Warns user if link points to phish site. | Users do not pay attention to warnings. Not all email clients are browser based. |
CatchingPhish [31] | Client Side Tool | Detects fake website based on rendered images | Browser independent. Good results on small data sets. | Processing time is high. Susceptible to screen resolution. |
CallingID [32], CloudMark [33], Netcraft [34], and FirePhish [35] | Client Side Tool | Utilizes blacklist of domains. | Good for domains that employ domain level authentication. | Phish domains are short lived. Does not look at email content. |
eBay Account Guard[36] | Client Side Tool | Utilizes blacklist of eBay URLs | Protects eBay users. | Specific website tool. |
IE Phishing Filter[37] | Client Side Tool | Records specific user website visiting patterns. | Adapts to user website visit pattern. | Works only on internet explorer. |