Phishwish: A Stateless Phishing Filter Using Minimal Rules

01 January 2008


We define phishing as the practice of directing unsuspecting users to fraudulent websites with the intent of obtaining personal information to be used for illicit purposes by a spammer. We introduce a new anti-phishing filter, phishwish, that has a number of advantages over existing phishing filters: it does not need to be trained, as is the case with Bayesian filters, nor does it consult centralized whitelists or blacklists to determine whether an email is suspect. Phishwish uses a set of 12 rules to determine the veracity of an incoming email; the result can be used to quarantine the email or to alert the user. We compare the performance of phishwish to SpamAssassin, a popular open source filter, as well as to the Google phishing filter accessed through the Firefox browser. Our results indicate that phishwish outperforms existing filters in identifying phishing emails and that it aids in detecting zero-day attacks that were not caught by existing filters.
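To make the stateless, rule-based approach concrete, the following is an added example written for this page; it is not the phishwish code, and the four rules and the quarantine/alert thresholds it uses are assumptions chosen for illustration, not the paper's 12 rules. It needs no training data and no white/black list: each rule inspects only the message in hand, and the count of rules that fire decides whether the mail is passed, flagged for the user, or quarantined. The two sample messages are constructed.

```python
"""Stateless rule-based phishing scorer (illustrative example, not phishwish).

Assumptions (not from the paper): the four rules below, and the thresholds
score >= 2 -> quarantine, score == 1 -> alert, score == 0 -> pass.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

IPV4_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
HREF_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URL_IN_TEXT = re.compile(r"https?://[^\s<>\"']+", re.I)
URGENT_RE = re.compile(r"\b(verify|confirm|update)\s+your\s+(account|password|identity)\b")


def registered_domain(host):
    # Crude "last two labels" approximation; real code would consult the public suffix list.
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def address_domain(header_value):
    addr = parseaddr(header_value or "")[1]
    return registered_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""


def evaluate(raw_message):
    """Return score, verdict and the reasons for it, using only the message itself."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    hits = []

    # Rule A (assumed): Reply-To points at a different domain than From.
    sender_dom = address_domain(msg.get("From"))
    reply_dom = address_domain(msg.get("Reply-To"))
    if reply_dom and reply_dom != sender_dom:
        hits.append(f"Reply-To domain {reply_dom} differs from sender domain {sender_dom}")

    for href, anchor in HREF_RE.findall(text):
        host = urlparse(href).hostname or ""
        # Rule B (assumed): link target is a bare IPv4 address rather than a hostname.
        if IPV4_HOST.match(host):
            hits.append(f"link to raw IP host {host}")
        # Rule C (assumed): anchor text displays a URL whose domain differs from the real target.
        shown = URL_IN_TEXT.search(anchor)
        if shown:
            shown_host = urlparse(shown.group(0)).hostname or ""
            if registered_domain(shown_host) != registered_domain(host):
                hits.append(f"anchor shows {shown_host} but links to {host}")

    # Rule D (assumed): credential-harvesting wording in the body.
    if URGENT_RE.search(text.lower()):
        hits.append("body asks the reader to verify/confirm/update credentials")

    score = len(hits)
    verdict = "quarantine" if score >= 2 else "alert" if score == 1 else "pass"
    return {"score": score, "verdict": verdict, "reasons": hits}


# Constructed sample messages (not real mail).
PHISH = """From: "Example Bank" <alerts@example-bank.test>
Reply-To: collect@mailbox.invalid
Subject: Verify your account
Content-Type: text/html

<p>Your account is suspended. <a href="http://192.0.2.10/login">http://www.example-bank.test/secure</a>
to verify your account within 24 hours.</p>
"""

LEGIT = """From: "Example Bank" <alerts@example-bank.test>
Subject: Your monthly statement
Content-Type: text/html

<p>Your statement is ready. <a href="https://www.example-bank.test/statements">View statement</a></p>
"""

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(name, evaluate(raw))
```

Because every rule reads only headers and body of the message being scored, the filter behaves the same on the first copy of a new campaign as on the thousandth, which is the property that matters for zero-day phishing; the trade-off is that hand-written rules need periodic review as attacker wording and link-hiding tricks change.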