The invention includes a method and apparatus for preventing phishing attacks. A first method, for informing a user that a remote server is valid, includes receiving a request for information available from the remote server where the request includes an identifier, obtaining a dynamic personal attribute associated with the user using the identifier, and propagating the dynamic personal attribute toward the user, wherein the dynamic personal attribute is adapted for use by the user in validating the remote server. The remote server may be a web server, an authentication server, or any other remote device with which the user may desire to authenticate. A second method, for informing a user that a received message is associated with a valid website, includes obtaining a dynamic personal attribute associated with a user, generating a message for the user where the message is adapted to enable the user to request a website and includes the dynamic personal attribute associated with the user, and propagating the message toward the user. The received message may be any type of message, such as an email message, an instant message, a text message, and the like.