Several recommendations where made from participants representing financial services firms, internet service providers, online retailers, computer security firms, software companies, consumer protection agencies, law enforcement agencies, and other bodies including the Anti-Phishing Working Group. The key ones are as follows:
-Create systems that are "secure by design" to make consumers safer online without having to be computer experts.
-Implement better ways to authenticate email users and web sites to make it easier to tell the difference between legitimate individuals and organizations and phishers posing as them.
-Provide better tools for investigation and enforcement to prevent phishers from taking advantage of technology, physical location, and information-sharing barriers to avoid detection and prosecution.
-Learn from the "lifecycle of the phisher" and use that knowledge about how these criminals operate to exploit points of vulnerability and stop them.
-Explore the use of "white lists" to identify web sites that are spoofing legitimate organizations and use "black lists" to create a phishing recall system that would prevent phishing messages from reaching consumers.
-Provide greater support for consumer education, using clear, consistent messages and innovative methods to convey them.