Phishing Detection, Prevention, and Notification
Abstract
Phishing detection, prevention, and notification is described. In an embodiment, a messaging application facilitates communication via a messaging user interface, and receives a communication, such as an email message, from a domain. A phishing detection module detects a phishing attack in the communication by determining that the domain is similar to a known phishing domain, or by detecting suspicious network properties of the domain. In another embodiment, a Web browsing application receives content, such as data for a Web page, from a network-based resource, such as a Web site or domain. The Web browsing application initiates a display of the content, and a phishing detection module detects a phishing attack in the content by determining that a domain of the network-based resource is similar to a known phishing domain, or that an address of the network-based resource from which the content is received has suspicious network properties.
Claims
exact text as granted — not AI-modified1 . A system, comprising a phishing detection module configured to compare a history of user activity to a list of known phishing domains, and further configured to initiate a warning if a domain similar to a known phishing domain is included in the history of user activity.
2 . A system as recited in claim 1 , wherein the phishing detection module is a component of a Web browsing application, and is further configured to initiate the warning to a user to identify a visited Web site as a phishing Web site.
3 . A system as recited in claim 1 , wherein the phishing detection module is a component of a Web browsing application, and is further configured to maintain a history of data submitted via a Web browsing user interface to one or more visited Web sites.
4 . A system as recited in claim 1 , wherein the phishing detection module is a component of a Web browsing application, is further configured to maintain a history of data submitted via a Web browsing user interface to one or more visited Web sites, and is further configured to initiate the warning to a user in an event that data is submitted to a phishing Web site.
5 . A system as recited in claim 1 , wherein the phishing detection module is a component of a messaging application, and is further configured to initiate the warning to a user in an event that a suspected phishing communication is rendered for viewing.
6 . A system as recited in claim 1 , wherein the phishing detection module is a component of a messaging application, and is further configured to initiate the warning to a user in an event that the user replies to a phishing communication.
7 . A system as recited in claim 1 , wherein the phishing detection module is a component of a messaging application, and is further configured to initiate the warning to a user in an event that the user communicates a message to a phishing address.
8 . A system as recited in claim 1 , wherein the phishing detection module is a component of a messaging application, and is further configured to receive a warning message in an event that private information is potentially disclosed.
9 . A system as recited in claim 1 , further comprising an email server configured to communicate a warning message to the messaging application in an event that private information is potentially disclosed.
10 . A method, comprising:
receiving content from a network-based resource; rendering a user interface of a Web browsing application to display the content received from the network-based resource; detecting a suspicious user-selectable link in the content that is a link to at least one of an additional network-based resource, a URL (Uniform Resource Locator), or an email address; and generating a warning that explains why the user-selectable link is suspicious.
11 . A method as recited in claim 10 , wherein generating the warning includes generating the warning to explain that the user-selectable link includes at least one of an “@” sign, suspicious encoding, an IP (Internet Protocol) address, a redirector, a link text and a mismatched URL (Uniform Resource Locator), or that the user-selectable link is a known phishing site.
12 . A method as recited in claim 10 , wherein detecting the suspicious user-selectable link includes detecting that the user-selectable link is similar to a known fraudulent target.
13 . A method as recited in claim 10 , wherein generating the warning includes generating the warning to explain a difference between a valid user-selectable link and the suspicious user-selectable link.
14 . A method as recited in claim 10 , wherein detecting the suspicious user-selectable link includes detecting that the user-selectable link includes suspicious text content.
15 . A method as recited in claim 10 , wherein detecting the suspicious user-selectable link includes detecting that the user-selectable link includes suspicious text content in a title bar of the user interface of the Web browsing application.
16 . A method, comprising:
rendering a messaging user interface to facilitate communication via a messaging application; receiving a communication from a domain; detecting a suspicious user-selectable link in the communication that is a link to at least one of a network-based resource, a URL (Uniform Resource Locator), or an email address; and generating a warning that explains why the user-selectable link is suspicious.
17 . A method as recited in claim 16 , wherein generating the warning includes generating the warning to explain that the user-selectable link includes at least one of an “@” sign, suspicious encoding, an IP (Internet Protocol) address, a redirector, or link text and a mismatched URL (Uniform Resource Locator).
18 . A method as recited in claim 16 , wherein detecting the suspicious user-selectable link includes detecting that the user-selectable link is similar to a known fraudulent target.
19 . A method as recited in claim 16 , wherein generating the warning includes generating the warning to explain a difference between a valid user-selectable link and the suspicious user-selectable link.
20 . A method as recited in claim 16 , wherein detecting the suspicious user-selectable link includes detecting that the user-selectable link includes at least one of a suspicious sender address, or display name.Join the waitlist — get patent alerts
Track US2007033639A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.