Phinding Phish: An Evaluation of Anti-Phishing Toolbars


There are currently dozens of freely available tools to help combat phishing and other web-based scams. Many of these tools come in the form of web browser extensions that warn users when they are browsing a suspected phishing site. We used a feed of reported phishing emails to test the effectiveness of five popular anti-phishing toolbars -- Netcraft Anti-Phishing Toolbar, Google Toolbar, TrustWatch Toolbar, SpoofGuard, and Cloudmark's Anti-Fraud Toolbar. Overall, we found that the differences between the various toolbars were quite startling. Only two of the toolbars, SpoofGuard and Netcraft, were able to consistently identify over 80% of the phishing web sites. One of the toolbars, Cloudmark, was able to identify fewer than 40% of the sites, on average. SpoofGuard yielded far more false positives than the other four toolbars. Additionally, all of the toolbars examined were found to be susceptible to exploitation. In this paper we describe the anti-phishing toolbar testbed we developed, summarize our findings, and offer observations about the usability and overall effectiveness of these toolbars. Finally, we suggest ways to improve anti-phishing toolbars.


Lorrie Faith Cranor, Serge Egelman, Jason Hong and Yue Zhang. Phinding Phish: An Evaluation of Anti-Phishing Toolbars. November 13, 2006. CyLab Technical Report CMU-CyLab-06-018.

Full Text

Lorrie Faith Cranor