Secure Anti-Phishing Environment (SAPHE)


Phishing is a growing menace which caused 3 billion dollars in damages in 2007 alone (according to a Gartner survey from Dec. 2007).

Phishing attacks include any attempt by a malicious entity to solicit a user to divulge personal or secret information, such as passwords or credit card details, by masquerading as the legitimate server. These attacks lead to identity theft, and consequently to monetary damages to the user.

This document presents a suggested solution to this problem that can protect against the following scenarios:

The Saphe solution makes sure that the password is not sent until both the server on the other side and the connection itself are authenticated. Try it now!

See also: Motivation for the project

A thwarted Phishing attempt!

A thwarted Phishing attempt!

Find out more

Relevant background data

Do you want to know more about the hazards of Phishing attacks, how they are performed and what are the existing solutions (and their shortcomings)? find out more...

The Saphe solution

Do you want to learn more about the Saphe solution, how it can prevent any known Phishing attack and how it is implemented? find out more...

Get the Saphe solution

Get the compiled binary and source code and experience the protection it provides with the demo Saphe server. Try it now!

Group Members

  • Uri Sternfeld (sternfeld at gmail d0t c0m -OR- moc.oohay|noitulosehpas#moc.oohay|noitulosehpas)
  • Liza Etkin
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License