US2007033639A1PendingUtilityA1

Phishing Detection, Prevention, and Notification

Assignee: MICROSOFT CORPPriority: Dec 2, 2004Filed: Sep 30, 2006Published: Feb 8, 2007
Est. expiryDec 2, 2024(expired)· nominal 20-yr term from priority
H04L 51/212H04L 63/1466H04L 63/1416H04L 63/1483
48
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Phishing detection, prevention, and notification is described. In an embodiment, a messaging application facilitates communication via a messaging user interface, and receives a communication, such as an email message, from a domain. A phishing detection module detects a phishing attack in the communication by determining that the domain is similar to a known phishing domain, or by detecting suspicious network properties of the domain. In another embodiment, a Web browsing application receives content, such as data for a Web page, from a network-based resource, such as a Web site or domain. The Web browsing application initiates a display of the content, and a phishing detection module detects a phishing attack in the content by determining that a domain of the network-based resource is similar to a known phishing domain, or that an address of the network-based resource from which the content is received has suspicious network properties.

Claims

exact text as granted — not AI-modified
1 . A system, comprising a phishing detection module configured to compare a history of user activity to a list of known phishing domains, and further configured to initiate a warning if a domain similar to a known phishing domain is included in the history of user activity.  
   
   
       2 . A system as recited in  claim 1 , wherein the phishing detection module is a component of a Web browsing application, and is further configured to initiate the warning to a user to identify a visited Web site as a phishing Web site.  
   
   
       3 . A system as recited in  claim 1 , wherein the phishing detection module is a component of a Web browsing application, and is further configured to maintain a history of data submitted via a Web browsing user interface to one or more visited Web sites.  
   
   
       4 . A system as recited in  claim 1 , wherein the phishing detection module is a component of a Web browsing application, is further configured to maintain a history of data submitted via a Web browsing user interface to one or more visited Web sites, and is further configured to initiate the warning to a user in an event that data is submitted to a phishing Web site.  
   
   
       5 . A system as recited in  claim 1 , wherein the phishing detection module is a component of a messaging application, and is further configured to initiate the warning to a user in an event that a suspected phishing communication is rendered for viewing.  
   
   
       6 . A system as recited in  claim 1 , wherein the phishing detection module is a component of a messaging application, and is further configured to initiate the warning to a user in an event that the user replies to a phishing communication.  
   
   
       7 . A system as recited in  claim 1 , wherein the phishing detection module is a component of a messaging application, and is further configured to initiate the warning to a user in an event that the user communicates a message to a phishing address.  
   
   
       8 . A system as recited in  claim 1 , wherein the phishing detection module is a component of a messaging application, and is further configured to receive a warning message in an event that private information is potentially disclosed.  
   
   
       9 . A system as recited in  claim 1 , further comprising an email server configured to communicate a warning message to the messaging application in an event that private information is potentially disclosed.  
   
   
       10 . A method, comprising: 
 receiving content from a network-based resource;    rendering a user interface of a Web browsing application to display the content received from the network-based resource;    detecting a suspicious user-selectable link in the content that is a link to at least one of an additional network-based resource, a URL (Uniform Resource Locator), or an email address; and    generating a warning that explains why the user-selectable link is suspicious.    
   
   
       11 . A method as recited in  claim 10 , wherein generating the warning includes generating the warning to explain that the user-selectable link includes at least one of an “@” sign, suspicious encoding, an IP (Internet Protocol) address, a redirector, a link text and a mismatched URL (Uniform Resource Locator), or that the user-selectable link is a known phishing site.  
   
   
       12 . A method as recited in  claim 10 , wherein detecting the suspicious user-selectable link includes detecting that the user-selectable link is similar to a known fraudulent target.  
   
   
       13 . A method as recited in  claim 10 , wherein generating the warning includes generating the warning to explain a difference between a valid user-selectable link and the suspicious user-selectable link.  
   
   
       14 . A method as recited in  claim 10 , wherein detecting the suspicious user-selectable link includes detecting that the user-selectable link includes suspicious text content.  
   
   
       15 . A method as recited in  claim 10 , wherein detecting the suspicious user-selectable link includes detecting that the user-selectable link includes suspicious text content in a title bar of the user interface of the Web browsing application.  
   
   
       16 . A method, comprising: 
 rendering a messaging user interface to facilitate communication via a messaging application;    receiving a communication from a domain;    detecting a suspicious user-selectable link in the communication that is a link to at least one of a network-based resource, a URL (Uniform Resource Locator), or an email address; and    generating a warning that explains why the user-selectable link is suspicious.    
   
   
       17 . A method as recited in  claim 16 , wherein generating the warning includes generating the warning to explain that the user-selectable link includes at least one of an “@” sign, suspicious encoding, an IP (Internet Protocol) address, a redirector, or link text and a mismatched URL (Uniform Resource Locator).  
   
   
       18 . A method as recited in  claim 16 , wherein detecting the suspicious user-selectable link includes detecting that the user-selectable link is similar to a known fraudulent target.  
   
   
       19 . A method as recited in  claim 16 , wherein generating the warning includes generating the warning to explain a difference between a valid user-selectable link and the suspicious user-selectable link.  
   
   
       20 . A method as recited in  claim 16 , wherein detecting the suspicious user-selectable link includes detecting that the user-selectable link includes at least one of a suspicious sender address, or display name.

Join the waitlist — get patent alerts

Track US2007033639A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.