PHISHWISH: A SIMPLE AND STATELESS PHISHING FILTER
01 January 2009
We define phishing as the practice of directing unsuspecting users to fraudulent websites with the intent of obtaining personal information to be used for illicit purposes by a spammer. We introduce a new anti-phishing filter, phishwish, that has a number of advantages over existing phishing filters: it does not need to be trained, as is the case with Bayesian filters, nor does it consult centralized whitelists or blacklists to determine whether an email is suspect. Phishwish uses a set of only 11 rules to determine the veracity of an incoming email; the result can be used to quarantine the email or to alert the user. We compare the performance of phishwish to SpamAssassin, a popular open source filter, and to the Google phishing filter accessed from the Firefox browser. Our results indicate that phishwish outperforms existing filters in identifying phishing emails, even identifying those originated by the rock phish gang, and that it aids in the detection of zero-day attacks that were not caught by existing filters.