A tool is required which will search the body of an email (including the HTML) for signs of phishing. Details of the tool to follow.
It would be a case of copy and pasting content of an email including its html into a text box and then to parse it.
# {#firstHeading}
# - {#firstHeading}
## Deliverables
The evaluation criteria will **hope** to include the following,
1. Key Words
2. Presence of JavaScript
3. Impersonalised Greeting (no name)
4. Email containing sense of urgency
5. Presence of embedded links (how many)
6. Not matching links. (e.g. <a href="http://IP address/[login to view URL]">Paypal</a>
7. No. Of different URL's. E.g. fake address mixed up with links to genuine sites.
8. Presence of IP's in URL.
9. Presence of form on page.
10. An embedded link with the words "click here"
11. Age of linked to URL's
Pattern matching/Algorithms would need to be used.
the Knuth Morris Pratt algorithm is an option.
How to come up with a result would need to be considered. Each of those criteria would be given a weighing like in Spam Assassin and would ultimately give up a result, a phish or not.