Date Added: Dec 2009
Many anti-phishing mechanisms currently focus on helping users verify whether a web site is genuine. However, usability studies have demonstrated that prevention-based approaches alone fail to effectively suppress phishing attacks and protect Internet users from revealing their credentials to phishing sites. In this paper, instead of preventing human users from "biting the bait," a new approach to protect against phishing attacks with "bogus bites is proposed." BogusBiter, a unique client-side anti-phishing tool is developed, which transparently feeds a relatively large number of bogus credentials into a suspected phishing site. BogusBiter conceals a victim's real credential among bogus credentials, and moreover, it enables a legitimate web site to identify stolen credentials in a timely manner.