Writing a sneaky, malicious program that can infiltrate a victim's computer and steal passwords is a tough, dirty job. It's a lot easier to just say, "Hey, gimme your password, ok?" That's what a phishing website does, in effect. The scammer simply devises a web page that looks exactly like the login page for a bank or other sensitive site, then blast-publishes links to that page using spam, social networking, and other techniques. Once a few poor saps have given away their login credentials, the scammer shuts down the site and starts another. The good news is, many popular security suites offer effective protection against these frauds.
Austrian testing lab AV-Comparatives put 16 popular suites to the test. Over a one-week period they scoured the Internet to locate active phishing sites, eliminating any duplicates or invalid sites and ensuring that every sample actively attempted to steal login credentials. 187 phishing URLs remained after validation. The researchers then simply attempted to visit those sites using test systems protected by each of the 16 suites, noting which ones were blocked by each product. Read more.