As Internet usage increases, Internet-based crime is booming. One prevalent crime is “phishing”, which is an attempt to trick an Internet user into providing personal information to the phishing attacker. The information typically sought by phishing attackers is Internet user login information (e.g., the login name and password for an Internet user) and, sometimes, other information such as credit card information. The phishing attackers use the obtained Internet user information in order to steal the identity of the Internet user. For example, a phishing attack may be used in order to obtain information to impersonate the Internet user (e.g., to log into e-mail accounts, to authorize credit card transactions, and to perform similar actions in the name of the Internet user).
Phishing attackers may use various different setups to launch phishing attacks. For example, a phishing attacker may use Domain Name Service (DNS) spoofing to direct users to a website owned by the attacker when the users enter a Uniform Resource Locator (URL) of a real website. The spoofed website owned by the attacker is often a good look-alike, not exactly the same as the real website, but sufficiently convincing to not alert the user. Sometimes, the spoofed website may even connect to the real website in the back-end, acting as a pass-through to the real website. Furthermore, phishing attackers may register a domain name that closely resembles a well-known domain name (e.g., registering www.googel.com instead of www.google.com to attack users that mistype the real domain name).
Many attempts have been made to prevent phishing attacks. Websites supporting user login capabilities often use Hypertext Transfer Protocol-Secure (HTTPS), and may present a certificate to enable the user to validate the identity of the website. Furthermore, many Internet browsers provide a graphical indication of the security level of a website (e.g., displaying an icon representing a padlock if the website displayed in the Internet browser is secure). Other attempts to prevent phishing attacks use cookies to store encrypted keys that servers can use to recognize valid clients; however, the reverse case (i.e., clients recognizing a valid server) is not covered.
Furthermore, other existing attempts to prevent phishing attacks use client-side browser extensions to check for typical signs of phishing (e.g., checking website URLs and checking the syntax of presented website pages). Another common attempt to prevent phishing attacks includes use of blacklists (e.g., lists of phishing webpages maintained locally on a client or remotely on a server which clients may access for each URL requested by the Internet browser). Another more recent attempt to prevent phishing attacks uses two-factor authentication, putting a second factor encrypted in a cookie on the client. In this attempt, the server securely stores a personalized message configured by the user, and the personalized message is displayed to the user before login, thereby enabling the user to distinguish between a valid website and a fraudulent website.
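As an added illustration (not part of the original document) of the client-side URL checks and blacklists described above, the following Python sketch classifies a requested URL: it flags a hostname that appears on a local blacklist, or whose registrable domain lies within a small edit distance of a protected domain (catching the www.googel.com look-alike mentioned earlier). The protected-domain and blacklist entries are constructed placeholders, and the domain extraction is deliberately naive.

```python
from urllib.parse import urlsplit

# Constructed sample data: domains the client wants to protect, and a
# locally maintained blacklist of known phishing hosts (placeholders).
PROTECTED_DOMAINS = {"google.com", "example-bank.com"}
LOCAL_BLACKLIST = {"login-verify-update.example"}

def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def registrable_domain(host: str) -> str:
    """Naive 'last two labels' rule; production code would consult the
    Public Suffix List so that e.g. example.co.uk is handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def classify_url(url: str) -> str:
    """Return one of: blacklisted, trusted, trusted-but-insecure,
    lookalike-of:<domain>, unknown."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    domain = registrable_domain(host)
    if host in LOCAL_BLACKLIST or domain in LOCAL_BLACKLIST:
        return "blacklisted"
    if domain in PROTECTED_DOMAINS:
        # Exact match: still warn if the page is not served over HTTPS.
        return "trusted" if parts.scheme == "https" else "trusted-but-insecure"
    for good in PROTECTED_DOMAINS:
        # A distance of 1 or 2 covers the typical typo-squat or transposition.
        if levenshtein(domain, good) <= 2:
            return f"lookalike-of:{good}"
    return "unknown"

if __name__ == "__main__":
    for u in ("https://www.googel.com/login", "https://www.google.com/",
              "http://mail.google.com/", "https://login-verify-update.example/"):
        print(u, "->", classify_url(u))
```

A real deployment would pair this with a remote blacklist lookup and a proper public-suffix parser; the edit-distance threshold here is a tunable heuristic, not a complete detector.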
Disadvantageously, despite these attempts to prevent phishing attacks, users are still easily tricked by phishing attacks. For example, users fail to check the validity of a website, fail to notice the absence of icons indicating that a website is secure, and cannot tell the difference between a valid certificate and an invalid certificate. Furthermore, as new attempts to prevent phishing attacks are developed and implemented, phishing attackers may adapt phishing techniques such that users continue to be tricked into providing personal information to the phishing attackers. Therefore, there is clearly a need for an improved technique for preventing phishing attacks.