The problem of phishing has attracted considerable attention recently, and a number of solutions and enhanced security measures have been proposed. We perform a detailed analysis of several anti-phishing schemes, and attacks and improvements. While several anti-phishing technologies address commonly observed phishing tactics, the space evolves rapidly, and a good prevention technique should be robust to anticipated as well as observed attacks. We present a number of attacks and techniques that might be easily employed by phishers and examine the robustness of a recently proposed password re-use anti-phishing system. We compare with other proposed phishing prevention techniques and find that it withstands several attacks that render current anti-phishing approaches obsolete and fares better in a large scale deployment than others.
© 2004 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.