In this paper, instead of preventing human users from "biting the bait", we propose a new approach to protect against phishing attacks with "bogus bites". We develop Bogus Biter, a unique client-side ant phishing tool, which transparently feeds a relatively large number of bogus credentials into a suspected phishing site. Bogus Biter conceals a Victim's real credential among bogus credentials, and moreover, it enables a legitimate web site to identify stolen credentials in a timely manner. Leveraging the power of client-side automatic phishing detection techniques, Bogus Biter is complementary to existing preventive anti-phishing approaches. We implement Bogus Biter as an extension to Firefox 2 web browser, and evaluate its efficacy through real experiments on both phishing and legitimate web sites. Many anti-phishing mechanisms currently focus on helping users verify whether a web site is genuine. However, usability studies have demonstrated that prevention-based approaches alone fail to effectively suppress phishiug attacks and protect Internet users from revealing their credentials to phishing sites.