Current Anti Phishing Methods

Current anti-phishing methods include:

  • Maintaining a blacklist of known phishing domain names (IE7 and Firefox): this solution is not effective if the attacker's domain name is not listed, and it does not protect against DNS poisoning or Man-in-the-Middle (MITM) attacks, because it does not record IP addresses. Maintaining a list of suspected IP addresses is highly ineffective, as they tend to change quite often.
  • Showing idiosyncratic characteristics (e.g., a picture chosen by the user) embedded in the login page: this method requires a two-step authentication scheme (the user must first supply his ID for the server to be able to retrieve his picture). This method does not protect against MITM attacks and relies solely on the alertness of the user. In theory, an attacker can obtain these 'individual' characteristics simply by obtaining a valid user name, which is fairly easy since it must be sent to the server (real or not) before the authentication phase. An example of such a solution: //www.bankofamerica.com/privacy/sitekey/
  • Dispensing altered logos and other images by the real server when a suspected phishing attempt is detected: this solution will cause the login page to contain many warning signs IF the server can detect that the "user" is in fact a phisher. A smart attacker can easily impersonate a legitimate user connection. In addition, this solution also relies on the alertness of the user.
  • Preventing phishing redirection scenarios (filtering e-mails, preventing cross-site scripting attacks): this type of solution is only marginally successful, as there are always new ways to bypass such heuristics. There are numerous ways in which a user may be lured to follow a false link, and it is almost impossible to predict and prevent all of them.
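
The coverage gap described in the first item (a blacklist keyed on domain names) can be made concrete with a short check. This is an added example, not code from the Saphe project; the domain names, the `GENUINE_IPS` table and the addresses are constructed sample data using reserved documentation names and ranges.

```python
from urllib.parse import urlsplit

# Constructed sample data (hypothetical names, documentation IP ranges).
BLACKLIST = {"phish.example"}
GENUINE_IPS = {"bank.example": "192.0.2.10"}

def host_of(url):
    """Lower-cased hostname of a URL, without a trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_blacklisted(url, blacklist=BLACKLIST):
    """True if the URL's host is a listed domain or a subdomain of one."""
    labels = host_of(url).split(".")
    return any(".".join(labels[i:]) in blacklist for i in range(len(labels)))

def evaluate(url, resolved_ip):
    """Return (blocked_by_blacklist, host, ip_matches_genuine_server).

    The blacklist decision never looks at resolved_ip; the third value is
    computed only to show what the name-based check cannot see. It is None
    when no genuine address is known for the host.
    """
    host = host_of(url)
    genuine = GENUINE_IPS.get(host)
    ip_ok = None if genuine is None else (resolved_ip == genuine)
    return is_blacklisted(url), host, ip_ok

# Constructed visits: (URL, address the client's resolver returned).
VISITS = [
    ("http://login.phish.example/signin", "198.51.100.7"),  # listed: blocked
    ("http://bank-secure.example/signin", "198.51.100.8"),  # unlisted: passes
    ("http://bank.example/signin", "192.0.2.10"),           # genuine server
    ("http://bank.example/signin", "203.0.113.66"),         # poisoned DNS: passes
]

if __name__ == "__main__":
    for url, ip in VISITS:
        blocked, host, ip_ok = evaluate(url, ip)
        print(f"{host:22} {ip:15} blocked={blocked!s:5} ip_matches={ip_ok}")
```

Only the first visit is blocked. The unlisted look-alike and the poisoned resolution of the genuine name both pass, because the decision depends on the name alone.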


Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License