Wikipedia defines phishing as "a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well."

Usually, emails that contain links phishing sites have deceptive subjects like "Important message from your Bank", use fake email addresses, copy logos and text from the sites they want to imitate. The URLs included in the emails may contain redirects, IP addresses or may look similar to the genuine URLs.


To protect you against the increasing number of phishing sites, the latest versions of many browsers have added phishing protection.

IE7
* the Phishing Filter is opt-in.
* two ways:
- automatically check sites you visit against the list of known phishing sites on the Microsoft server.
- check individual sites, if you have a reason to think they may be used for phishing.
* there's also an heuristic way to detect common elements included in phishing sites. In this case, IE7 shows a warning.
* IE7 has a whitelist, that includes sites like microsoft.com
* privacy: "When you use Phishing Filter to check websites automatically or manually, the address of the website you are visiting will be sent to Microsoft, together with some standard information from your computer such as IP address, browser type, and Phishing Filter version number. To help protect your privacy, the address information sent to Microsoft is encrypted using SSL and limited to the domain and path of the website. Other information that may be associated with the address, such as search terms, data you entered in forms, or cookies, will not be sent."
* the Phishing Filter is also available as an add-on for MSN Search Toolbar, in IE6.


Firefox 2
* the Phishing Protection is on by default.
* two ways:
- by default, Firefox checks each webpage you visit against a local list of pages, that's regularly updated (approximately twice per hour)
- you can also choose a real-time protection, but that means you send every URL you visit to Google or to other provider (for the moment, Google is the only provider).
* Firefox doesn't use heuristics to see if a web page may be used for phishing.
* privacy:
"Firefox sends the URL of the web page, in addition to your IP address and other Non-Personally-Identifying Information, to the selected third party service provider. Firefox displays a warning if the third party service provider returns with a response indicating that the URL you are accessing is a suspected web forgery. Finally, if you take any action in response to a phishing protection warning message, the selected phishing protection service provider may record that action and the URL of the page, and a cookie may be placed on your computer. While it is possible that a URL sent to your service provider may itself contain Personally-Identifying Information, Mozilla's third party service providers have entered into a written agreement with Mozilla not to use Personally-Identifying Information for purposes other than to enhance and maintain their service."
* the real-time phishing filter is also available in Google Safe Browsing and Google Toolbar for Firefox.

-V.Vadivelan