Phishing and spear-phishing attacks happen on a daily basis, and in most of the cases, these phishing attacks can be stopped by having an anti phishing software solution in place.
In this article, we will take a look at the best anti phishing software solutions that are provided in 2019.
Phishprotection is a company based in San Diego. This company specialises in detecting phishing attacks. They also included a lot of information on what an actual phishing attack is, and how you can protect yourself quickly against these type of attacks. Their main focus is to provide anti-phishing software solutions.
Phishprotection is not the only one providing solutions against phishing attacks, but it is one of the few companies that has a real focus on it. Proofpoint and Mimecast also provide solutions against phishing attacks.
Anti Phishing software reviews
Before you purchase an anti phishing solution, we strongly recommend to review the solution. If it is possible to download and use a trail-version of the software, then do certainly make use of it. You want to find a company or solution that understands how phishing attacks work.
If you see stuff like DMARC, DKIM and SPF in one of the articles from the solution providers, then it might be a good match as they know what they are talking about.
Anti phishing software download
It is also not recommended to download just an anti-phishing software solution, before you download and make use of the solution, make sure that it actually defends your company or environment against phishing attacks.
We say this as in some cases, lets say an Arabic company, it is important to have a service or solution that can detect Arabic phishing attacks. If you are located in The Netherlands, you want to have a solution that can detect Dutch phishing attacks.
If you want to get a view on how many phishing attacks take place, then it might be a good chance to take a look at Phishtank. Phishtank is an website that has a very specific focus on Phishing attacks.
The community on Phishtank consists out of people that hunt down Phishing environments on a daily basis.
From the last view on Phishtank, we noticed that at least 10 000 new Phishing environments are added HOURLY. This means that we can expect a minimum of 240 000 new phishing environments (websites) on a daily basis. If we say that each of these phishing environments is supported by two emails that try to lure unaware users to the Phishing site, we get on a total of 480 000 emails that have been setup to phish users.
Setting up Phishing attacks
In the past, we published some articles on how phishing attacks are actually setup. The quickest way that we love to use, is to make use of the social engineering toolkit in Kali Linux, this tool is also known as SET. This tool allows you to setup phishing environments within minutes. This literally means, that in 1 hour, it is possible to setup at least 30 phishing sites that look like the offical phished site.
In the screenshot above you see the social engineering toolkit, this toolkit is command line based, and it has been setup in such a way, that with some minimal settings, you can have a phishing site setup. This phishing tool also does not care if the site that you want to phish is HTTPS or HTTP, it will clone the website and it will just look like the official site.
Software is not enough
Yes, having an anti phishing software in place, will help you to capture a lot of phishing attacks, but there is literally no guarentee that some of the threat actors also purchased the software, and they use it to see if their phishing attacks are being detected.
So, yes, software will help you, but it is also the people you need to train. It should be common for the email users to check for quick phishing identifiers.
What do we know
- Phishing attacks can be setup within minutes
- It is important to make use of anti-phishing software
- If you want to download anti phishing software, then do use the official source
- If there is a trail version of the software available, then do try that first
- Review the solutions, and pick the best one that suites your environment
- Train your environment to detect phishing attacks
- Make use of DMARC, DKIM and SPF policy