Phishers take images from genuine sites to build fake ones?

For every measure there is a counter-measure. Just because you can't save an image does not protect against duplication by taking a screenshot.

Yes, I agree that in general people should be using technologies to at least make it more difficult for the phishers to operate. Just disabling hot-linking would itself force phishers to address bandwidth issues and force them to serve from an alternate location.

And, the W3C has probably been negligent as well in not agreeing on a method for securing graphics. I would probably like to see all web graphics securable by watermarking, but it would require co-operation by the browser OEMs to support such a standard to avoid having to install a special plug-in to invisibly authenticate the graphics on the page.

As for the banks... The closer you look at how they operate the more disgusted you will be with their security in general. For years, banks seemed to be willing to absorb billions of dollars related to fraud as just a cost of doing business. Only recently (within the last year or so) I'm seeing better contructed websites, better authentication methods, and computer systems using more up to date technology.

You can't protect graphics from being downloaded and copied.

Plus of course the newest threats are XXS attacks, they inject their own code into the genuine sites so when you visit the site , it is really their site with graphics, url everything but they have managed to put extra content into the page so when you log on, they grab your passwords ha ha...

they cant just protect the pictures because they want them to show, the phishers dont take the pictures so much as use the exact same code from the genuine website to link to the pictures. so to the server, it just looks like a regular person is accessing the pictures. nothing beats a printscreen anyways.