On January 26, 2004, the U.S. Federal Trade Commission filed the first lawsuit against a suspected phisher. The defendant, a Californian teenager, allegedly created and used a webpage designed to look like the America Online website, so that he could steal credit card information.[76] Other countries have followed the lead of the U.S. by tracing [...]
Anti-phishing measures have been implemented as features embedded in browsers, as extensions or toolbars for browsers, and as part of website login procedures. The following are some of the main approaches to the problem.
Helping users identify legitimate sites
Since phishing is based on impersonation, preventing it depends on users having some reliable way to identify the [...]
One strategy for combating phishing is to train users to deal with phishing attempts. User education can be promising, especially where training provides direct feedback to the user on his success (or otherwise).[47] One newer phishing tactic, which uses phishing emails targeted at a specific company, known as spear phishing, has been harnessed to train [...]
PayPal phishing example
An example of a phishing email targeted at PayPal users.
In an example PayPal phish (right), spelling mistakes in the email and the presence of an IP address in the link (visible in the tooltip under the yellow box) are both clues that this is a phishing attempt. Another giveaway is the lack of [...]
Once the victim visits the website the deception is not over.[31] Some phishing scams use JavaScript commands in order to alter the address bar. This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original address bar and opening a new one with the legitimate [...]