Phishing is a new form of online crime in which an unsuspecting user is tricked into revealing his/her personal information. It is usually conducted using social engineering or technical-deceit-based methods. The various ways in which phishing can take place are described in this chapter. This is followed by a description of key strategies that can be adopted for the protection of end users and organizations. The end-user protection strategies include desktop protection agents, password management tools, secure e-mail, simple and trusted browser settings, and digital signatures. Among corporate protection strategies are such measures as e-mail personalization, mail server authentication, monitoring transaction logs, detecting unusual downloading activities, token-based and multifactor authentication, domain monitoring, and Web poisoning. Some of the commercially available and popular anti-phishing products are also described in this chapter.