Abstract. Approaches against Phishing can be classified into modifications of the traditional PIN/TAN-authentication on the one hand and approaches that try to reduce the probability of a scammer being successful without changing the existing PIN/TAN-method on the other hand. We present a new approach, based on challenge-response-authentication. Since our proposal does not require any new hardware on the client side, it can be implemented with little additional cost by financial institutions or other web retailers and therefore is a good compromise compared to the other approaches. A big drawback is that it doesn’t protect against man-in-the-middle attacks but most of the other approaches don’t either.