There are ways to guard against phishing fraud, and more preventive measures are on the way. Phishing is a practice in which social engineering, impersonation, and automation are used on the Internet to steal authentication credentials, including passwords and account numbers, from people. The Financial Services Technology Consortium (FSTC) has recently developed a taxonomy of phishing attacks that helps users understand phishing via a commonly used attack life cycle and a predictable set of acts that attackers use in each phase of that life cycle. Credential theft from databases or through non-electronic means is not included in the taxonomy because those acts are not part of phishing. The attacker begins by choosing a victim, then decides what to steal, how it will be stolen, and what phony scenario to use. Among the products, technologies, countermeasures, and protective methods highlighted are improved mutual authentication and proprietary solutions from Goodmail, RSA, Entrust, ShareCube, and Vasco Data Security. Digital certificates from such companies as Verisign and GeoTrust can be used, as can biometric identification techniques. BioPassword, for instance, uses keystroke dynamics to identify users according to the way they type, and 41st Parameter takes an unusual authentication approach in which dozens of verification checks are run on a customer computer's operating system (OS) and the visitor's OS profile is compared to a system profile on file. Also discussed are measures for spam filtering and domain name infringement detection. Phishing Web site detection vendors are highlighted, along with phishing solution packages from such companies as Corillian, Cyota, Cyveillance, and MarkMonitor.
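The domain name infringement detection the abstract mentions is a check a defender can script: compare newly observed domain names against a list of protected brand domains and flag near-misses. The Python below is an added illustration, not code from the article or from any vendor it names. The protected domains and the candidate feed are constructed placeholders, the homoglyph table is a small hand-picked set, and the second-level-label extraction assumes single-label public suffixes such as `.com` (a real deployment would use the Public Suffix List).

```python
"""Flag registered domains that resemble a protected brand domain.

Added example (not from the abstracted article). Three defender-side rules:
  1. exact match or subdomain of a protected domain  -> "legitimate"
  2. second-level label within a small edit distance of the brand label,
     after folding common homoglyph substitutions   -> "lookalike"
  3. brand label embedded anywhere else in the name -> "brand-embedded"
Anything else is "unrelated".
"""
import re
from typing import List, Optional, Tuple

# Constructed placeholder brand domains for the example.
PROTECTED = ["examplebank.com", "example-pay.com"]

# Common visual substitutions seen in lookalike registrations (illustrative subset).
HOMOGLYPHS = {
    "rn": "m", "vv": "w",                       # multi-character first
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "@": "a", "$": "s",
}


def normalize(label: str) -> str:
    """Lower-case, fold homoglyphs (longest patterns first), drop hyphens/dots."""
    s = label.lower()
    for src, dst in sorted(HOMOGLYPHS.items(), key=lambda kv: -len(kv[0])):
        s = s.replace(src, dst)
    return re.sub(r"[-.]", "", s)


def sld(domain: str) -> str:
    """Second-level label, assuming a single-label public suffix (example simplification)."""
    parts = domain.lower().rstrip(".").rsplit(".", 2)
    return parts[-2] if len(parts) >= 2 else parts[0]


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate: str, protected: List[str] = PROTECTED,
             max_distance: int = 2) -> Tuple[str, Optional[str], Optional[int]]:
    """Return (verdict, matched protected domain or None, edit distance or None)."""
    cand = candidate.lower().rstrip(".")
    for legit in protected:
        if cand == legit or cand.endswith("." + legit):
            return ("legitimate", legit, 0)

    cand_label = normalize(sld(cand))
    best: Optional[Tuple[str, Optional[str], Optional[int]]] = None
    for legit in protected:
        d = levenshtein(cand_label, normalize(sld(legit)))
        if d <= max_distance and (best is None or d < best[2]):
            best = ("lookalike", legit, d)
    if best is not None:
        return best

    full = normalize(cand)
    for legit in protected:
        if normalize(sld(legit)) in full:
            return ("brand-embedded", legit, None)
    return ("unrelated", None, None)


def scan(domains: List[str]) -> List[Tuple[str, str, Optional[str], Optional[int]]]:
    """Classify every domain in a feed of newly observed names."""
    return [(d,) + classify(d) for d in domains]


if __name__ == "__main__":
    # Constructed sample feed, not real observations.
    feed = ["login.examplebank.com", "exarnplebank.com", "examp1ebank.com",
            "examplebnak.com", "examplebank-secure.com",
            "examplebank.com.evil.net", "weather.org"]
    for row in scan(feed):
        print("%-28s %-15s %s" % (row[0], row[1], row[2] or ""))
```

Tuning `max_distance` trades recall for noise: short brand labels need a lower threshold than long ones, and the output is a triage list for a takedown or monitoring workflow, not a block list on its own.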