Welcome to Phish Cutter
Phish Cutter is a free and open source tool that helps users identify phishing emails, with a focus on the tactics used by company phishing tests. It currently supports only Microsoft Outlook on Windows, but other email providers and platforms are planned. You can download it from GitHub.
If you can't run Phish Cutter, this website is still useful: it contains a lot of information on identifying phish as well as the phishing exams. Did you know that every phish test email your company sends contains information in the email header identifying it as a test? However, your email client hides this information. You can create filters to guide these tests into folders or your trash. See the "Spot Phishing" link for more details.
Why?
Company phishing tests can be the nastiest examples of phishing, ensnaring employees and subjecting them to real professional consequences. By examining and enumerating many of the tactics that phishing tests use, users can identify both real and simulated phishing attempts that may reach their inbox.
Training is not Sufficient
Email security vendors sell solutions that block 99% of phishing, which is good. However, beyond "External Sender" labels, they give no information about the emails that they actually let into your inbox. Instead, those same email security vendors pitch training and threat simulation software as the only way to enable users to make good decisions.
This is flawed thinking. Even the most trained, battle-tested users can fall victim to phishing. What's needed are tools that give users real information to enable them to make good decisions.
Phish Cutter - Useful Information about Potential Phish
Phish Cutter uses lists of trusted domains and looks at the sender's email address to detect homoglyphs and malformed domain names. See the "Spot Phishing" page for many of the tactics that attackers and tests deploy in attempts to make their emails seem legitimate and trick you.
Phish Cutter also identifies urgency language. Users are encouraged to move fast, break things, and be more agile in their workplace. Attackers exploit this attitude by putting phrases like "Action Required" or "Penalties will be enforced" in their emails. Phish Cutter looks for this language to identify potential attempts.
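The two checks described above (sender domain against a trusted list, and urgency phrases), as an added Python example that is not Phish Cutter's own code. The domain list, the look-alike map, and the function names are assumptions made for illustration; the two phrases are the ones quoted above.

```python
import re
import unicodedata
from email.utils import parseaddr

# Constructed sample lists; a deployment would load its own.
TRUSTED_DOMAINS = {"example.com", "microsoft.com"}
URGENCY_PHRASES = ("action required", "penalties will be enforced")

# Small illustrative look-alike map (assumption), not a complete confusables table.
LOOKALIKES = {"rn": "m", "vv": "w", "0": "o", "1": "l",
              "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0441": "c"}

# ASCII hostname syntax: dot-separated letter/digit/hyphen labels, at least two.
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
DOMAIN_RE = re.compile(rf"{LABEL}(?:\.{LABEL})+")


def fold(domain):
    """Reduce a domain to a comparison form with look-alikes mapped away."""
    text = unicodedata.normalize("NFKC", domain).lower()
    for src, dst in LOOKALIKES.items():
        text = text.replace(src, dst)
    return text


def check_sender(from_header):
    """Return findings for the domain in a From header value ([] if trusted)."""
    _, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return []
    findings = []
    # Folding both sides catches a domain that only *looks* like a trusted one.
    for trusted in sorted(TRUSTED_DOMAINS):
        if fold(domain) == fold(trusted):
            findings.append(f"homoglyph of {trusted}")
    # Non-ASCII characters, empty labels and stray hyphens all fail this check.
    if not DOMAIN_RE.fullmatch(domain):
        findings.append("malformed domain")
    return findings or ["not on trusted list"]


def find_urgency(text):
    """Return the urgency phrases present in a subject line or body."""
    lowered = text.lower()
    return [p for p in URGENCY_PHRASES if p in lowered]
```

The findings are meant to be shown to the user alongside the message, in line with the page's point about giving users information rather than only a block/allow verdict.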