Let’s begin by looking at some of the best-known anti-phishing and cyber-education tools available:
Top Anti-Phishing Websites
Infosec IQ PhishSim
Infosec IQ is much more than a phishing simulator; it has highly interactive training modules and tailored courses along with its realistic phishing tests that give complete control to the administrator. The basic membership is as easy to attain as filling out a form (quite literally). The cloud-based solution doesn’t require you to install anything, configure any servers or modify any scripts; register and within seconds you can get your phishing-education boots on. The free membership will give you a lot of perks (including the luxury to choose from over 100 templates) but there is a lot more on offer when you pay some bucks. You can find the membership plans explained better here.
Gophish
Gophish is an open-source platform that can be installed on most operating systems by merely downloading and extracting a ZIP folder. The features are few but are very artistically implemented. You can create phishing email templates very easily and, even though none come with the package, there is a community-supported repository that you can draw on. Adding users via CSV files is also supported and creating a campaign is as simple as making a few clicks. The generated reports are aesthetically pleasing to look at and also contain a huge level of detail. The absence of educational components and of a campaign scheduling feature is a downside, however.
Sptoolkit
Sptoolkit is another open-source project that provides a toolkit catering to both the phishing-training and the phishing-educating needs of an entity. The simple framework has been developed to provide organizations with the ability to identify weak links within their workforces. The tool was discontinued back in 2013 but a new team has brought it back to life. The Git page of the tool also has a complete installation guide.
LUCY
LUCY has a free version that can be downloaded by anyone after providing an email address and a name, as a Debian install script or a virtual appliance. LUCY serves as a social engineering platform that offers much more than anti-phishing awareness, education, and quizzes. Even though the community version of the tool is not bad, the real goodness can only be experienced with the enterprise versions. You get file-attachment attacks, campaign scheduling, and campaign stat exporting features in the paid versions of the software.
King Phisher
King Phisher is SecureState’s open-source anti-phishing solution. It’s one of the most sophisticated tools on our list because it has some amazing features, such as getting the location of phished users, running multiple campaigns at once, and the ability to do web cloning. There is a repository of templates for both server pages and messages. King Phisher can only be installed on Linux and the installation process is not straightforward, to say the least.
SpearPhisher
SpearPhisher has been developed by TrustedSec and it’s a pretty simple tool that can help you generate phishing emails. It contains a web-based application for creation and management, an SMTP server to send emails, and a Bottle web application for response tracking.
The straightforward GUI is intended to be used by non-technical users and is strictly Windows-based. The installation guide along with other information can be obtained from the Git repository page.
Anti-Phishing Awareness Blogs and Other Resources
There are some blogs that exist solely to spread anti-phishing awareness and some websites that routinely share anti-phishing-related information.
Anti-phishing.org
The Anti-Phishing Working Group (APWG), as their website states, “is the international coalition unifying the global response to cybercrime across industry, government and law-enforcement sectors, and NGO communities.” There is plenty of material on the website to quench anybody’s need for anti-phishing awareness.
Phishing.org
Phishing.org is another website that has many resources available for the needy to look at and benefit from. From talking about phishing scams to offering lists of anti-phishing tools and software, you can get a lot of help from this dedicated website.
Phishme blog
Phishme.com has been serving as a global anti-phishing solution provider for quite some time now. They also have a blog where they share information relating to anti-phishing awareness, along with news and happenings from around the cyber-world.
Digital Guardian blog
Digital Guardian also has a blog where anti-phishing awareness information is routinely shared.
TraceSecurity blog
TraceSecurity’s flagship Tracephishing simulator is a must-try phishing simulator tool that has a plethora of beneficial features. Their blog is also one to routinely visit in order to stay technically aware.
Where to Report Phishing
The fact that the whole world is taking phishing seriously is comforting. Many commercially available products and services, from online bank accounts to email providers to credit card companies, have sections on their websites where you can report suspicious emails. There are also many dedicated websites where you can report phishing websites and malicious emails; some of them are:
Google’s SafeBrowsing website
Google has its very own designated webpage where you can report websites that perform phishing. It can be visited here.
The US-Computer Emergency Readiness Team
US-CERT, the Computer Emergency Readiness Team, has just one objective: to be readily available in technical emergencies. If you want to report a phishing attempt or a website, you can send an email to phishing-report@us-cert.gov. More information can be found here.
IRS’ phishing-reporting support
The Internal Revenue Service’s website also provides awareness related to anti-phishing and, in case you experience anything sinister, you can send them an email at phishing@irs.gov. To get more information, click here.
Federal Trade Commission
The FTC also knows how terrible a crime phishing is and they discuss it extensively on their website. Report FTC-related phishing attempts at spam@uce.gov.
Symantec
Symantec, the brains behind Norton antivirus and various other cybersecurity products, also has a dedicated page where you can report phishing websites.
Final Word
Not much can be said about the repercussions of a successful phishing attack. With statistics proving that phishing attacks have increased exponentially over the past few years, it has become the need of the hour for companies to allot budgets for cyber-training and phishing awareness. The tools and other resources mentioned above should be enough to make a workforce informed of the possible threats posed by phishing and how they can be avoided.