A phishing website whistle-blowing mechanism is a basic solution to preventing a phishing website attack. The anti-phishing organization encourages a terminal user to submit found phishing information. The phishing information includes a uniform resource locator (URL for short), email content, and the like. Then, collected phishing information is processed discriminatively and organized into a repository which is in the form of a URL list, a unidirectional hash (Hash) value, and the like. The repository is deployed in various kinds of security devices or client software. When a foregoing device detects that the repository includes a currently accessed web page, the device intercepts and filters the web page to prevent an attack from a phishing web page.
Currently, a general method is to integrate a phishing detecting module into client software. When a user accesses a web page by using a browser, the phishing detecting module calculates suspiciousness of the web page according to a local or remote data query result, and sends alarm information to the user if the suspiciousness is high. A remote anti-phishing server provides functions such as data updating, querying and filtering for phishing detecting modules in many clients. The phishing detecting module performs detection mainly based on a known phishing URL list, a phishing IP address list, a trusted domain name list, a phishing keyword, general characteristics of many phishing web pages, and the like. General characteristics of many phishing web pages include: having a hypertext markup language (HTML) input label, having data compliant with a social insurance number, displaying a URL that is inconsistent with a real URL, and the like.
Because a URL, an IP address and a domain name of a phishing web page keep changing, many normal web pages also include a phishing keyword. Therefore, if a phishing web page is detected by using the foregoing method, a rate of identifying a phishing web page is relatively low, and a rate of misjudging a normal web page is relatively high. Therefore, detection accuracy of the method for detecting a phishing web page in the prior art is relatively low.