The Internet is as treacherous as the social world: it is full of traps and attacks, and phishing is one of them. User validation systems based on the traditional ID and password cannot effectively protect users from such attacks. Besides the social engineering used in phishing, user validation technology faces another great challenge: brute-force password guessing by means of dictionary attacks. This article therefore analyzes and discusses current phishing attacks, including URL spoofing at the user end, cross-site scripting attacks, middle routing attacks, DNS attacks, and cookie attacks, and discusses current anti-phishing methods such as the adoption of HTTPS, blacklists and whitelists, anti-junk-mail measures, and enhanced password validation. By analyzing the process of phishing attacks, this article identifies the key factors behind their success and explains why current remedies always hit a bottleneck. Finally, this article proposes and implements a bi-directional user validation system, an effective method of resisting phishing attacks and brute-force password guessing attacks through the combined use of CAPTCHA, OTP, visual cryptography, and other techniques. The aim is to provide users with a safer network environment.