Anti-phishing refers to the method employed in order to detect and prevent phishing attacks. Anti-phishing protects users from phishing. A lot of work has been done on anti-phishing devising various anti-phishing techniques. Some techniques works on emails, some works on attributes of web sites and some on URL of the websites. Many of these techniques focus on enabling clients to recognize & filter various types of phishing attacks. In general anti-phishing techniques can be classified into following four categories.
Content Filtering– In this methodology Content/email are filtered as it enters in the victim’s mail box using machine learning methods, such as Bayesian Additive Regression Trees (BART) or Support Vector Machines (SVM).
Black Listing– Blacklist is collection of known phishing Web sites/addresses published by trusted entities like google’s and Microsoft’s black list. It requires both a client & a server component. The client component is implemented as either an email or browser plug-in that interacts with a server component, which in this case is a public Web site that provides a list of known phishing sites.
Symptom-Based Prevention– Symptom-based prevention analyses the content of each Web page the user visits and generates phishing alerts according to the type and number of symptoms detected.
Domain Binding– It is an client’s browser based techniques where sensitive information (eg. name, password) is bind to a particular domains. It warns the user when he visits a domain to which user credential is not bind.