Phishing is a type of fraud conducted primarily through email, SMS (Short Message Service) messages, and websites, in which the target is lured to divulge personal information — such as Social Security number, credit card numbers, and user names and passwords — which the scammer intends to use for identity theft and/or gain. Attempts to thwart phishing attacks are undertaken in a variety of ways, including by identifying spam emails, disabling links that appear suspicious, blocking attachments in emails and known phishing sites on the Internet, and providing warnings and host information about websites that may not be what they seem, allowing users to exercise discretion. Anti-phishing is an adjective used to describe various implementations intended to intercept and prevent phishing attacks. It can be used, for example, in such compounds as anti-phishing filter and anti-phishing toolbar,, two devices to help prevent phishing scams.
Although the majority of phishing scams attack with an email, they most often try to lure the target to a spoofed website — one that looks like a legitimate website, but isn’t — which is set up to collect the target’s information. An anti-phishing toolbar works in conjunction with a web browser to block or alert users to suspicious sites. It involves plug-ins that are browser-specific and appear toward the top of the browser display, integrated with the elements of the browser toolbar.
There are several ways in which an anti-phishing toolbar may work. It may depend on a continually updated list of known phishing sites. It may analyze the URL for similarity to legitimate sites—a trick often used by scammers, who register domains using portions of tradenames and possible typos. Additionally, it may check the site registrant.
An anti-phishing toolbar may operate in one or more ways. It may provide a pop-up warning dialog when the user attempts to navigate to a site that is suspicious. Some anti-phishing toolbars take steps to enlarging the domain name of the site, making fakes and alterations more noticeable for the user. Other features an anti-phishing toolbar may have include website risk ratings, posting the name of the country where the site is hosted, and alerting the user to a site that doesn’t use SSL (Secure Sockets Layer) encryption for password submission.
