6. Anti-phishing measures have been implemented as features embedded in browsers, as extensions or toolbars for browsers, and as part of website login procedures. The following are some of the main approaches to the problem.

Helping users identify legitimate sites
Since phishing is based on impersonation, preventing it depends on users having some reliable way to identify the sites they are dealing with.

Alerting users to fraudulent websites
Another popular approach to fighting phishing is to maintain a list of known phishing sites and to check websites against the list. Microsoft's new IE7 browser, Mozilla Firefox 2.0, and Opera all contain this type of anti-phishing measure. Firefox 2 uses Google anti-phishing software. Opera 9.1 uses live blacklists from PhishTank and GeoTrust, as well as live whitelists from GeoTrust. Some implementations of this approach send the visited URLs to a central service to be checked, which has raised concerns about compromising the user's privacy. According to a report by Mozilla in late 2006, Firefox 2 was found to be more effective than Internet Explorer 7 at detecting fraudulent sites in a study by an independent software testing company.

Eliminating phishing mail
Spam filters can also help by reducing the number of phishing emails that users receive.
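The list check described above can also be done against lists held on the user's machine, so that no visited URL is sent to a central service. The following is an added sketch, not code from any of the browsers named; the list entries, the function names and the choice to let the blacklist take precedence over the whitelist are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample lists; a real client would refresh them from a feed.
BLACKLIST = {"phish.example.net", "shared-host.example.org/update"}
WHITELIST = {"www.example-bank.com"}


def canonicalize(url):
    """Return (host, path) in a stable form: lowercase host, no trailing dot or slash."""
    if "://" not in url:
        url = "http://" + url
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "", ""
    return host, parts.path.rstrip("/")


def candidates(host, path):
    """Yield lookup keys from most to least specific.

    Keys are built from the right-hand end of the host name, so a listed
    name only matches when it is the host itself or one of its parent domains.
    """
    labels = host.split(".")
    segments = [s for s in path.split("/") if s]
    for i in range(max(len(labels) - 1, 1)):  # never use the bare TLD as a key
        name = ".".join(labels[i:])
        for j in range(len(segments), 0, -1):
            yield name + "/" + "/".join(segments[:j])
        yield name


def check(url):
    """Classify a URL as 'blocked', 'trusted', 'unknown' or 'invalid' using local lists only."""
    host, path = canonicalize(url)
    if not host:
        return "invalid"
    keys = list(candidates(host, path))
    if any(k in BLACKLIST for k in keys):  # assumption: blacklist wins over whitelist
        return "blocked"
    if any(k in WHITELIST for k in keys):
        return "trusted"
    return "unknown"


if __name__ == "__main__":
    for u in ("HTTP://Phish.Example.NET./account", "https://www.example-bank.com/login"):
        print(u, "->", check(u))
```

A locally held list is only as current as its last update, which is the trade-off against the live lookups mentioned above.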
8. Users can take steps to avoid phishing attempts by slightly modifying their browsing habits. Users who are contacted about an account needing to be "verified" (or any other topic used by phishers) can contact the company that is the subject of the email to check that the email is legitimate, or can type a trusted web address for the company's website into the address bar of their browser to bypass the link in the suspected phishing message.

Nearly all legitimate email messages from companies to their customers will contain an item of information that is not readily available to phishers. Some companies, like PayPal, always address their customers by their username in emails, so if an email addresses a user in a generic fashion ("Dear PayPal customer") it is likely to be an attempt at phishing. Emails from banks and credit card companies will often include partial account numbers. However, recent research has shown that typical users do not distinguish between the first few digits and the last few digits of an account number. This is a significant problem since the first few digits often are the same for all clients of one financial institution.

One should always be suspicious if the message does not contain specific personal information. Phishing attempts in early 2006, however, used such highly personalized information, making it unsafe to rely on personal information alone as a sign that a message is legitimate. Furthermore, another recent study concluded in part that the presence of this information does not significantly affect the success rate of phishing attacks, suggesting that most users do not pay attention to such details anyway.