Helping people with computers... one answer at a time.
Phishing scams are difficult for computers to identify and difficult to protect against. Ultimately you are the best defense against phishing scams.
What free phishing program do you recommend?
I'll start by assuming you're looking for an anti-phishing tool, to protect you from phishing scams, just like we refer to anti-virus programs to protect us from viruses and anti-spyware tools to protect against spyware.
If you're looking for software to create phishing scams ... well, you came to the wrong place.
Phishing is interesting, and difficult to protect against.
But I do have a strong recommendation for the absolute best anti-phishing tool.
You are the best anti-phishing tool. In fact, in some cases you are the only possible anti-phishing tool.
Yes, I'll discuss some software solutions, since I know that's what you really mean, but phishing is so unique that they simply can't do the same job that you can.
It's all about education, common-sense and healthy skepticism.
The problem is that phishing uses something we've come to call "social engineering". Phishing attempts aren't software, they're not some program that gets deposited on your computer, they're not even necessarily web sites or bad URLs that you might be able to check for.
Phishing attempts are all about fooling you, not the computer.
Consider the classic case: you have a Hotmail account and you receive an email warning that you will lose your account unless you reply with important information like your social security number, your email address and your password.
No software. No viruses or malware. No malicious web sites. Just an email.
An email that's attempting to fool you into doing something that you absolutely should not. Follow that email's instructions and that is what'll cause your account to disappear as it's then immediately accessed by the bad guys who sent that email.
That's tricking you into doing something that you shouldn't do.
There's no software in the world that's going to somehow magically make that go away.
Yes, anti-malware software may kill most forms of viruses or spyware that try to present phishing attacks, link checkers may identify many of the links to known malicious sites that attempt to present phishing attacks, and even spam filters may attempt to block messages that are obvious phishing attempts.
But a) that's not their primary function, and b) I guarantee you they won't stop them all.
Only you can do that by knowing what to look for (education), being real about what to expect (common sense) and being cautious before giving away any of your personal information (healthy skepticism).
Some great rules of thumb:
Email that asks for your login ID and password is bogus (or incredibly stupid). Delete it.
If it's too good to be true, it's not true. (You didn't win the lottery that you never entered.)
Unless you're positive, never click that emailed link. Go to the website yourself. Type (or copy/paste) the link into your browser yourself.
There's probably much more, but that's a great start.
Start with the basics: a firewall, a good anti-virus tool and a good anti-spyware tool. (My recommendations.)
Add to that a good spam filter - I happen to use Google Mail as my spam filter and it works very well.
And if you like, add a web site reputation monitor like Web of Trust, MacAfee's Site Advisor or others. Warning: reputations can be manipulated, both for good and bad, so don't throw your common sense out the door when using services like this. Continue to pay attention; use these services as an additional bit of information before going to a site you're unsure of.