Devices, systems and computer-implemented methods for preventing password leakage in phishing attacks
First Claim
1. A computer-implemented method of preventing leakage of user credentials to phishing websites, comprising:
capturing user credentials input to a webpage of a website;
generating a hash of the captured user credentials;
updating a stored list of trusted website credentials with the generated hashed user credentials upon determining that the domain of a Uniform Resource Locator (URL) of the website to which the user credentials were input is present in a stored list of trusted websites;
in response to determining that the domain of the URL of the website to which the user credentials were input is not present in the stored list of trusted websites, determining whether the generated hashed user credentials matches one of a plurality of hashed user credentials in the list of trusted website credentials; and
subsequently when the generated hashed user credentials matches a hashed user credential in the list of trusted website credentials, requesting input indicative of whether the URL of the website is trusted or whether the URL of the website is unknown and/or untrusted;
when the requested input indicates that URL of the website is unknown and/or untrusted, sending the URL of the website to a remote computer server over a computer network and disallowing submission of the user credentials to the website; and
in response to the requested input indicating that the URL of website is trusted, adding the domain of the URL of the website to the stored list of trusted websites, adding the generated hash of the captured user credentials to the stored list of trusted website credentials and allowing the user credentials to be submitted to the website.
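The decision flow recited in claim 1, as an added Python sketch that is not code from the patent or its assignee. Assumptions: the hash is a keyed HMAC-SHA256 over username and password (the claim only says "a hash"), the "domain" is the exact hostname, credentials that match nothing on an unlisted site are allowed (the claim is silent on that branch), and `ask_user` / `report_url` are hypothetical callbacks standing in for the user prompt and the remote server.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

ALLOW, BLOCK = "allow", "block"

class CredentialGuard:
    def __init__(self, trusted_domains, ask_user, report_url, key=None):
        self.trusted_domains = {d.lower() for d in trusted_domains}
        self.trusted_hashes = set()   # hashed credentials seen on trusted sites
        self.ask_user = ask_user      # hypothetical: url -> True if user trusts it
        self.report_url = report_url  # hypothetical stand-in for the remote server
        # Assumption: per-device secret so stored hashes are not bare digests.
        self.key = key or secrets.token_bytes(32)

    def _hash(self, username, password):
        # Length-prefix each field so ("ab", "c") and ("a", "bc") differ.
        msg = b"".join(len(p).to_bytes(4, "big") + p
                       for p in (username.encode(), password.encode()))
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    @staticmethod
    def _domain(url):
        # Simplification: exact hostname, not the registrable domain.
        return (urlsplit(url).hostname or "").lower()

    def on_submit(self, url, username, password):
        digest, domain = self._hash(username, password), self._domain(url)
        if domain in self.trusted_domains:
            self.trusted_hashes.add(digest)   # learn credentials on trusted site
            return ALLOW
        if digest not in self.trusted_hashes:
            return ALLOW                      # assumption: claim is silent here
        if self.ask_user(url):                # known credentials, unlisted domain
            self.trusted_domains.add(domain)
            self.trusted_hashes.add(digest)
            return ALLOW
        self.report_url(url)                  # user says unknown/untrusted
        return BLOCK

def demo():
    # Constructed sample inputs; the user always answers "untrusted".
    reported = []
    guard = CredentialGuard({"bank.example"}, lambda url: False,
                            reported.append, key=b"k" * 32)
    results = [guard.on_submit("https://bank.example/login", "alice", "S3cret!"),
               guard.on_submit("https://bank-example.login.test/", "alice", "S3cret!"),
               guard.on_submit("https://forum.test/login", "alice", "other-pw")]
    return results, reported

if __name__ == "__main__":
    print(demo())
```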
Abstract
A computer-implemented method of preventing leakage of user credentials to phishing websites may comprise capturing user credentials input to website; updating a stored list of trusted website credentials upon determining that the domain of the URL of the website is present in a stored list of trusted websites; generating a hash of the captured user credentials; determining whether the hashed user credentials matches one of the hashed user credentials in the list of trusted website credentials; and when a match is found, requesting input whether the website is trusted or whether the website is unknown and/or untrusted; sending the URL to a remote computer server when the input indicates that the website is unknown and/or untrusted and disallowing submission of the user credentials to the website; adding the domain of the URL to the stored list of trusted websites, adding the generated hash of the captured user credentials to a stored list of trusted website credentials and allowing submission of the user credentials to the website.
16 Claims
1. A computer-implemented method of preventing leakage of user credentials to phishing websites, comprising:
capturing user credentials input to a webpage of a website;
generating a hash of the captured user credentials;
updating a stored list of trusted website credentials with the generated hashed user credentials upon determining that the domain of a Uniform Resource Locator (URL) of the website to which the user credentials were input is present in a stored list of trusted websites;
in response to determining that the domain of the URL of the website to which the user credentials were input is not present in the stored list of trusted websites, determining whether the generated hashed user credentials matches one of a plurality of hashed user credentials in the list of trusted website credentials; and
subsequently when the generated hashed user credentials matches a hashed user credential in the list of trusted website credentials, requesting input indicative of whether the URL of the website is trusted or whether the URL of the website is unknown and/or untrusted;
when the requested input indicates that URL of the website is unknown and/or untrusted, sending the URL of the website to a remote computer server over a computer network and disallowing submission of the user credentials to the website; and
in response to the requested input indicating that the URL of website is trusted, adding the domain of the URL of the website to the stored list of trusted websites, adding the generated hash of the captured user credentials to the stored list of trusted website credentials and allowing the user credentials to be submitted to the website.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A computing device configured for preventing leakage of user credentials to phishing websites comprising:
at least one hardware processor;
at least one data storage device coupled to the at least one hardware processor;
a network interface coupled to the at least one hardware processor and to a computer network;
a plurality of processes spawned by said at least one hardware processor, the processes including processing logic for:
capturing user credentials input to a webpage of a website;
generating a hash of the captured user credentials;
updating a stored list of trusted website credentials with the generated hashed user credentials upon determining that the domain of a Uniform Resource Locator (URL) of the website to which the user credentials were input is present in a stored list of trusted websites;
in response to determining that the domain of the URL of the website to which the user credentials were input is not present in the stored list of trusted websites, determining whether the generated hashed user credentials matches one of a plurality of hashed user credentials in the list of trusted website credentials; and
subsequently when the generated hashed user credentials matches a hashed user credential in the list of trusted website credentials, requesting input indicative of whether the URL of the website is trusted or whether the URL of the website is unknown and/or untrusted;
when the requested input indicates that the URL of the website is unknown and/or untrusted, sending the URL of the website to a remote computer server over a computer network and disallowing submission of the user credentials to the website;
in response to the requested input indicating that the URL of website is trusted, adding the domain of the URL of the website to the stored list of trusted websites, adding the generated hash of the captured user credentials to the stored list of trusted website credentials and allowing the user credentials to be submitted to the website.
Dependent claims: 16
Specification