Light weight anti-phishing with user whitelisting in a web browser

Phishing often causes more financial damages to enterprises and users than virus and worms. Proposed techniques so far mostly are to provide protection for the banks or other enterprise corporations and/or require changes in web servers. Regular home users are left without protection against phishing, other than the traditional rudimentary email filtering. Furthermore, security toolbars on browsers have been shown to be not effective. In this paper, we propose a light-weight user whitelist technique to provide protection for home users. We argue that for home users, whitelisting is advantageous over blacklisting, a popular technology. We show it is effective and efficient while imposing little burden on users and requiring no modification of servers.