Phishing is a continuing and serious problem for all of us. In the past few months, a number of companies have come out with anti-phishing toolbars – applications that you add to your internet browser and/or email program to help identify and block phishing websites and other web-based scams. Several of these tools are available for free.

Despite all the marketing hype, a recent independent study of these tools found them to be of only limited use. This study, conducted by four researchers at Carnegie Mellon University, found that even the best of the available anti-phishing toolbars only identified about 85% of fraudulent websites in their test. Worse, the toolbar created a false sense of security among users. Users tended to assume that the toolbar was working and that the website was safe even when it was not.

The anti-phishing toolbars also had problems with false-positives – good websites which were incorrectly identified by the tool as a probable phishing site. While 85% is a good start and shows that a technology solution might be someday possible, it is not yet safe to rely on these toolbars to identify phishing websites. Remain cautious whenever visiting a website that asks for any personal information.

For more, here are links to the full study (including descriptions of each of the tested toolbars) and a ComputerWorld article about the study.

Leave a Reply