Anti-phishing is a network security strategy for guarding against the unauthorized extraction of user identity information.
Phishing typically employs setting up malicious email campaigns with misleading email addresses and domain names to solicit user credentials.
For example, an email might request that a user update their credentials as part of routine security measures and include a link that directs the user to the attacker's website, which has a similar domain name to one trusted by the user. This website can then be used to solicit and compromise user credentials.
Anti-phishing techniques can include the monitoring of web application traffic for traffic that attempts to access or change identity information and ensure that client requests for these actions are only allowed to authorized web domains.