Method and system for tracking fraudulent activity

US 20060041508A1
Filed: 08/20/2004
Published: 02/23/2006
Est. Priority Date: 08/20/2004
Status: Active Grant

First Claim

Patent Images

1. A system for tracking potentially fraudulent activity, the system including:

a fraud tracking database; and

a fraud tracking server connected to the fraud tracking database, the fraud tracking server including;

a communications module to receive data identifying a potential spoof site; and

control logic to generate a spoof site tracking record in the fraud tracking database, the spoof site tracking record including the data identifying the potential spoof site.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for tracking potentially fraudulent activities associated with one or more web sites is disclosed. The system includes a fraud tracking server connected to a fraud tracking database. The fraud tracking server includes a communications module to facilitate the exchange of data between the server and multiple client devices. The fraud tracking server receives data from one or more client devices that identifies a potential spoof site. The fraud tracking server also includes control logic to generate a spoof site tracking record in the fraud tracking database. The spoof site tracking record includes the data identifying the potential spoof site. After the spoof site tracking record has been created, the fraud tracking server notifies an administrator of the potential spoof site by communicating the data received and stored in the fraud tracking database to an administrator.

239 Citations

36 Claims

1. A system for tracking potentially fraudulent activity, the system including:
- a fraud tracking database; and
  
  a fraud tracking server connected to the fraud tracking database, the fraud tracking server including;
  
  a communications module to receive data identifying a potential spoof site; and
  
  control logic to generate a spoof site tracking record in the fraud tracking database, the spoof site tracking record including the data identifying the potential spoof site.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The system of claim 1, wherein the data identifying the potential spoof site is a URL identifying a document associated with the potential spoof site, and the communications module further includes:
    - a URL extraction module to extract the URL from an email received by the communications module.
  - 3. The system of claim 2, wherein the communications module further includes:
    - an administrative module to automatically communicate the URL extracted from the email to an administrator.
  - 4. The system of claim 3, wherein the control logic further includes:
    - a URL analyzer module to analyze a URL received by the communications module to determine whether the URL is associated with a previously identified spoof site for which a spoof site tracking record already exists.
  - 5. The system of claim 3, wherein the administrative module is to receive verification from the administrator that the potential spoof site is an actual spoof site, and the control logic is to automatically update the corresponding spoof site tracking record with data associated with the actual spoof site.
  - 6. The system of claim 5, wherein the verification received from the administrator indicates that the administrator has viewed the potential spoof site and determined that the potential spoof site is an actual spoof site.
  - 7. The system of claim 5, wherein the control logic is to automatically retrieve data associated with the actual spoof site when the administrative module receives the verification from an administrator that the potential spoof site is an actual spoof site.
  - 8. The system of claim 7, wherein the control logic is to automatically download the source code of a document associated with the actual spoof site.
  - 9. The system of claim 5, wherein the control logic further includes spoof page fingerprinting logic to generate a spoof page identifier for a document associated with the actual spoof site, the spoof page identifier for use by the spoof page fingerprinting logic to identify the source of the actual spoof site.
  - 10. The system of claim 5, wherein the control logic is to analyze an IP address of a server hosting the spoof site to determine an ISP associated with the IP address, and the communications module further includes:
    - a communications module to automatically generate an email addressed to the ISP associated with the IP address, the email notifying the ISP of the spoof site and requesting the ISP to take action to remove the spoof site.
  - 11. The system of claim 5, wherein the control logic includes a spoof site monitoring module to automatically monitor the actual spoof site to determine whether the actual spoof site is still active and to update the spoof site tracking record to include data obtained during the automatic monitoring of the actual spoof site.
  - 12. The system of claim 11, wherein the spoof site monitoring module is to periodically attempt to access the document with the URL associated with the spoof site to determine whether the spoof site is still active.
  - 13. The system of claim 12, wherein the spoof site monitoring module is to update the spoof site tracking record to include data obtained during the automatic monitoring of the actual spoof site by adding to the spoof site tracking record data indicating the date and time of the last attempt to access the document with the URL associated with the spoof site and data indicating whether or not the document with the URL associated with the spoof site was accessible.
  - 14. The system of claim 1, wherein the system is part of a network-based commerce system.

15. A method for tracking a spoof site, the method including:
- responsive to receiving data identifying a potential spoof site, generating a spoof site tracking record in a database, the spoof site tracking record including the data identifying the potential spoof site; and
  
  notifying an administrator of the potential spoof site.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 16. The method of claim 15, wherein the data identifying a potential spoof site is a URL identifying a document associated with the potential spoof site, the URL automatically extracted from an email.
  - 17. The method of claim 16, wherein notifying an administrator of the potential spoof site includes communicating the URL automatically extracted from the email to the administrator.
  - 18. The method of claim 16, further including:
    - analyzing the URL to determine whether the URL is associated with a previously identified spoof site for which a spoof site tracking record already exists and generating the spoof site tracking record only if the URL is not associated with a previously identified spoof site for which a spoof site tracking record already exists.
  - 19. The method of claim 15, further including:
    - responsive to receiving verification that the potential spoof site is an actual spoof site, retrieving data associated with the actual spoof site; and
      
      , updating the spoof site tracking record with the retrieved data associated with the actual spoof site.
  - 20. The method of claim 19, wherein the verification is received from an administrator who has viewed the potential spoof site and identified the potential spoof site as an actual spoof site.
  - 21. The method of claim 19, wherein retrieving data associated with the actual spoof site occurs automatically when verification is received that the potential spoof site is an actual spoof site.
  - 22. The method of claim 19, wherein retrieving data associated with the actual spoof site includes downloading the source code of a document associated with the actual spoof site.
  - 23. The method of claim 22, further including:
    - analyzing the source code of the document;
      
      generating a spoof page identifier for the document; and
      
      comparing the spoof page identifier to the spoof page identifiers of previously identified documents to determine if the source of the document is the same as the source of a previously identified document.
  - 24. The method of claim 19, further including:
    - analyzing the IP address of the server hosting the spoof site to determine an ISP associated with the IP address; and
      
      generating an email addressed to the ISP associated with the IP address, the email notifying the ISP of the spoof site and requesting the ISP to take action to remove the spoof site.
  - 25. The method of claim 24, wherein analyzing the IP address of the server hosting the spoof site and generating an email addressed to the ISP associated with the IP address occur automatically in response to receiving verification that the potential spoof site is an actual spoof site.
  - 26. The method of claim 24, further including:
    - automatically monitoring the actual spoof site to determine whether the actual spoof site is still active; and
      
      updating the spoof site tracking record to include data obtained during the automatic monitoring of the actual spoof site.
  - 27. The method of claim 26, wherein automatically monitoring the actual spoof site to determine whether the actual spoof site is still active includes periodically attempting to access the document with the URL associated with the spoof site.
  - 28. The method of claim 26, wherein updating the spoof site tracking record to include data obtained during the automatic monitoring of the actual spoof site includes adding to the spoof site tracking record data indicating the date and time of the last attempt to access the document with the URL associated with the spoof site and data indicating whether or not the document with the URL associated with the spoof site was accessible.

29. A system for tracking potentially fraudulent activity, the system including:
- storage means for storing spoof site tracking records;
  
  means for receiving data identifying a potential spoof site; and
  
  means for generating a spoof site tracking record in the storage means, the spoof site tracking record including the data identifying the potential spoof site.
- View Dependent Claims (30, 31, 32)
- - 30. The system of claim 29, wherein the data identifying a potential spoof site is a URL identifying a document associated with the potential spoof site, and the system further includes:
    - means for extracting the URL from an email received by the means for receiving data identifying a potential spoof site.
  - 31. The system of claim 30, further including:
    - an administrative module to automatically communicate the URL extracted from the email to an administrator.
  - 32. The system of claim 31, further including:
    - means for analyzing a URL to determine whether the URL is associated with a previously identified spoof site for which a spoof site tracking record already exists.

33. A method including:
- identifying at least one web site accessible via a network, wherein the web site falls within a predefined category;
  
  creating a record for the website in a database, the record identifying a hosting facility that hosts the web site; and
  
  communicating a message to the hosting facility, the message advising the hosting facility that the web site falls within the predefined category.
- View Dependent Claims (34)
- - 34. The method of claim 33, wherein the predefined category is a category of illegal web sites.

35. A system for tracking web sites, the system comprising:
- a tracking database;
  
  a tracking server configured to;
  
  identify at least one web site accessible via a network, wherein the web site falls within a predefined category;
  
  create a record for the website in a database, the record identifying a hosting facility that hosts the web site; and
  
  communicate a message to the hosting facility, the message advising the hosting facility that the web site falls within the predefined category.
- View Dependent Claims (36)
- - 36. The system of claim 35, wherein the predefined category is a category of illegal web sites.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
eBay Inc.
Inventors
Brown, Andrew Millard, Pham, Quang D., Henley, Mathew Gene, Edberg, Jeremy B.

Granted Patent

US 8,914,309 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/50
CPC Class Codes

G06Q 20/4016   involving fraud or risk lev...

H04L 63/102   Entity profiles

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/1483   service impersonation, e.g....

Method and system for tracking fraudulent activity

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

239 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for tracking fraudulent activity

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

239 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links