Internet Storm Center - Advice on Preventing Phishing Attacks: http://isc.sans.org//diary.php?date=2005-02-12
PDF - Advice on Preventing Phishing Attacks: http://isc.sans.org/presentations/phishthat.pdf
Increasingly, phishers have taken great pains to include real code from the real site they are spoofing. For example, if you click on any of the links on the phishing/fake site, it will take you to the actual pages of the real site. But the real site can then see the referring URL that sent you there. If the real site is getting visitors referred by any URL other than its own, it should actively serve a page with a big fat warning banner at the top saying that the user was most likely just at a fake site. Note that referring URLs can also come from legitimate locations, like a local business directory or something similar. Here are some of the techniques discussed that a website owner can consider in order to detect whether their site is being targeted by phishers:
* Filter referring URLs coming from sites unrelated to the bank (easier said than done, but a default-deny rule would be a good place to start, particularly for the deep links).
* Provide an email address to handle questions, and a FAQ.
* Use warning banners to educate users.
* Even better - issue all of your customers an X.509 certificate that they install in their browsers, and don't accept business transactions unless the certificate is valid (also easier said than done).
* Equip all customers with a hardware token that generates a one-time password (OTP). This too is easier said than done, but it has already been implemented on one of the sites.
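As an added example (not code from the ISC diary or from this page), the following Python sketch shows the first item above in working form: a default-deny check on the Referer header that decides whether a request for a deep link should get the warning banner, plus a scanner that runs the same rule over web-server log lines to surface referrer hosts that are sending visitors to login pages. The hostnames, the allow-list of legitimate directories, the deep-link paths and the log lines are all constructed for illustration and are not from the page.

```python
import re
from urllib.parse import urlparse

# Assumed hostnames that belong to the bank itself (constructed example values).
OWN_HOSTS = {"bank.example", "www.bank.example", "online.bank.example"}
# Assumed referrers known to be legitimate, e.g. a local business directory.
ALLOWED_REFERRER_HOSTS = {"directory.example"}
# Paths treated as "deep links": arriving here from an unrelated site is the
# pattern the diary describes, so the default-deny rule applies to them.
DEEP_LINK_PREFIXES = ("/login", "/account", "/transfer")


def classify_referrer(referrer):
    """Classify a Referer value as 'none', 'own', 'allowed' or 'suspicious'.

    A missing or malformed Referer is common (privacy settings, HTTPS->HTTP
    downgrades, proxies), so its absence proves nothing; only a present,
    off-site, non-allow-listed referrer counts as suspicious here.
    """
    if not referrer or referrer == "-":
        return "none"
    try:
        host = urlparse(referrer).hostname
    except ValueError:
        host = None
    if host is None:
        return "suspicious"  # unparsable referrer: treat as off-site (default deny)
    host = host.lower()
    if host in OWN_HOSTS:
        return "own"
    if host in ALLOWED_REFERRER_HOSTS:
        return "allowed"
    return "suspicious"


def decide_action(referrer, path):
    """Return 'warn' (serve the warning-banner page), 'log' or 'pass'."""
    if classify_referrer(referrer) != "suspicious":
        return "pass"
    # Default deny for deep links: an unknown off-site referrer to a login or
    # account page gets the warning banner; elsewhere we only record it.
    if path.startswith(DEEP_LINK_PREFIXES):
        return "warn"
    return "log"


# Combined log format: client ident user [time] "METHOD path proto" status bytes "referer" "agent"
_LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d+ \S+ "(?P<ref>[^"]*)" "[^"]*"$'
)


def suspicious_referrers(log_lines):
    """Count, per referrer host, requests for deep links that would have been warned.

    Running this over the access log is how the site owner finds out that a
    fake site is live and linking back to the real one.
    """
    counts = {}
    for line in log_lines:
        m = _LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        if decide_action(m.group("ref"), m.group("path")) == "warn":
            host = urlparse(m.group("ref")).hostname or "<unparsable>"
            counts[host] = counts.get(host, 0) + 1
    return counts


# Constructed sample log lines (not real traffic); the .test domain is a placeholder.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Feb/2005:10:01:02 +0000] "GET /login HTTP/1.1" 200 1024 "http://bank-example-secure.test/verify.php" "Mozilla/4.0"
203.0.113.6 - - [12/Feb/2005:10:01:05 +0000] "GET /about HTTP/1.1" 200 512 "http://directory.example/banks" "Mozilla/4.0"
203.0.113.7 - - [12/Feb/2005:10:02:11 +0000] "GET /account HTTP/1.1" 200 2048 "http://bank-example-secure.test/verify.php" "Mozilla/4.0"
203.0.113.8 - - [12/Feb/2005:10:03:00 +0000] "GET /login HTTP/1.1" 200 1024 "-" "Mozilla/4.0"
203.0.113.9 - - [12/Feb/2005:10:03:30 +0000] "GET /login HTTP/1.1" 200 1024 "https://www.bank.example/" "Mozilla/4.0"
"""

if __name__ == "__main__":
    for host, n in suspicious_referrers(SAMPLE_LOG.splitlines()).items():
        print(f"{n} deep-link hits referred from {host}")
```

The allow-list is what keeps a legitimate business directory from triggering the banner, and the deep-link prefixes are what make the rule default-deny only where it matters; both lists are site-specific and have to be maintained by the site owner.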