Problems Using Anti-Phishing Programs

Types of Anti-Phishing Program

• Anti-phishing tools include software that blocks phishing sites. Since most phishing relies on emails that direct you to phishing sites, often with spurious threats of account closure or warnings about identity theft, some anti-phishing software also helps filter your incoming email so that you never receive phishing mails in the first place. Anti-phishing software can work heuristically, identifying possible phishing mails or sites from certain shared features; by comparing sites with a whitelist of trusted sites; or by comparing addresses with a blacklist of known phishing sites.

Blacklists

• Relying solely on blacklists is a problematic tactic. While many phishing sites are identified and reported within hours, some can remain active and undetected for days at a time. If a site is not on a blacklist, software relying on such a list may not identify and block it.

False Positives

• Programs using heuristic methods to identify phishing emails or sites may sometimes produce false positives, misidentifying addresses as dangerous when they aren't. This can potentially result in the software filtering genuine mails into the trash and blocking safe websites along with dangerous ones.

False Negatives

• Phishers can defeat heuristic programs by tailoring their sites and emails to avoid the kinds of red flags that the software will be looking for, resulting in false negatives -- sites and emails being treated as safe when they are not. Emails and sites set up by spear phishers to target a specific individual or individuals may be especially hard for programs to spot.

Toolbars

• Toolbars or BHOs (browser helper objects) can clutter up smaller screens and do not always work properly. Toolbars can themselves create a security flaw if they are set up to download updates or other software from the Internet without your knowledge, as many are; it is possible for malicious software to be downloaded onto your computer.

Scareware

• Some anti-phishing toolbars and other programs are not real anti-phishing software at all, but scareware. Scareware is the name given to fake security software that produces bogus warnings to trick the user into downloading more software. This software may do nothing at all, but typically it produces yet more warnings or compromises your system's security. Scareware is often designed to trick users into handing over their financial details in exchange for dummy software or malicious code.

Redundancy

• Many security suites now offer anti-phishing features, as do most major email programs. Widely-used browsers such as Internet Explorer and Mozilla now block dangerous sites such as attack sites and phishing sites. For this reason, dedicated anit-phishing software may be redundant, unless it is particularly advanced.

Human Error

• To make their emails and sites seem more believable, phishers may try to trick you out of information by means other than email, such as a telephone call. This inside information can then be used to craft convincing emails for spear phishing. Giving away sensitive information to phishers in this way can undermine the effectiveness of your anti-phishing software and other measures.