Phishing has grown significantly in the last decades or so, becoming the most common web threat today. Ranging from security toolbars to web browser add-ons, hundreds of anti-phishing mechanisms currently concentrate on how to inform the user whether the website is fake or not. Our findings reveal that different approaches proposed in the past are all preventive by nature. Phishers continually target the weakest link in the security chain, namely, consumers in their attacks. Various usability studies have demonstrated that neither server-side security indicators nor client-side toolbars and warnings are successful in preventing the vulnerable users from being deceived. In this study, we propose a new mechanism—‘Virtual Browser (VB)’—to counter phishing attacks. Instead of identifying the fake ones, VB will allow access only to the genuine sites. Users will be given an on-demand browsing service over the Internet, where they can remotely connect to a secure server and use pre-configured browsers to securely connect to any websites of their choice.

Phishing is a term derived from fishing, in which the fish catcher puts a bait to catch fishes. Similarly, in today’s modern cyber world, phishing attacks combine technology and social engineering to gain access to restricted information of a user. The most common phishing attacks today send mass e-mail or instant messages asking the victim to visit a fake website to disclose personal credentials. Although phishing is a simple social engineering attack, it has proven to be surprisingly effective. Hence, the number of phishing scams is continuing to grow, and the costs of the resulting damages are increasing. Researchers across the globe as well as the IT industry experts have identified the urgent need for anti-phishing solutions.

Information Technology Journal, Phishing, Anti-phishing, Virtual Browser (VB), Cyber crime, Internet security.