Methods and systems for analyzing data related to possible online fraud
First Claim
1. A method of categorizing a web site as a possibly fraudulent web site, the method comprising:
- a computer accessing a set of data related to the web site;
the computer dividing the set of data into a plurality of components;
analyzing at least some of the plurality of components;
assigning a score to each of the analyzed components, the score being based on an analysis of each of the analyzed components, such that a plurality of scores are assigned;
assigning a composite score to the set of data, the composite score being based on the plurality of scores; and
based on the composite score, categorizing the web site as a possibly fraudulent web site.
9 Assignments
0 Petitions
Accused Products
Abstract
Various embodiments of the invention provide methods, systems and software for analyzing data. In particular embodiments, for example, a set of data about a web site may be analyzed to determine whether the web site is likely to be illegitimate (e.g., to be involved in a fraudulent scheme, such as a phishing scheme, the sale of gray market goods, etc.). In an exemplary embodiment, a set of data may be divided into a plurality of components (each of which, in some cases, may be considered a separate data set). Merely by way of example, a set of data may comprise data gathered from a plurality of data sources, and/or each component may comprise data gathered from one of the plurality of data sources. As another example, a set of data may comprise a document with a plurality of sections, and each component may comprise one of the plurality of sections. Those skilled in the art will appreciate that the analysis of a particular component may comprise certain tests and/or evaluations, and that the analysis of another component may comprise different tests and/or evaluations. In other cases, the analysis of each component may comprise similar tests and/or evaluations. The variety of tests and/or evaluations generally will be implementation specific.
-
Citations
81 Claims
-
1. A method of categorizing a web site as a possibly fraudulent web site, the method comprising:
-
a computer accessing a set of data related to the web site;
the computer dividing the set of data into a plurality of components;
analyzing at least some of the plurality of components;
assigning a score to each of the analyzed components, the score being based on an analysis of each of the analyzed components, such that a plurality of scores are assigned;
assigning a composite score to the set of data, the composite score being based on the plurality of scores; and
based on the composite score, categorizing the web site as a possibly fraudulent web site. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method of categorizing an email message, the method comprising:
-
a computer dividing the email message into a plurality of components;
the computer analyzing at least one of the plurality of components;
based on the analysis of the at least one of the plurality of components, assigning a score to the at least one of the plurality of components; and
categorizing the email message based on the score assigned to the at least one of the plurality of components - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
-
-
26. A method of categorizing a web site, the method comprising:
-
a computer performing a plurality of tests on the web site;
the computer assigning a score based on each of the plurality of tests;
the computer assigning a composite score to the web site based on the scores for each of the plurality of tests; and
the computer categorizing the web site based on the composite score. - View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
-
-
44. A method of categorizing a domain as a possibly illegitimate domain, the method comprising:
-
a computer accessing a domain registration record associated with the domain;
performing a plurality of tests with respect to the domain;
for each of the plurality of tests, assigning a score to the domain, such that a plurality of scores are assigned to the domain;
assigning a composite score to the domain, the composite score being based on the plurality of scores; and
based on the composite score, categorizing the domain as a possibly illegitimate domain. - View Dependent Claims (45, 46, 47, 48, 49, 50, 51)
-
-
52. A method of categorizing a web site as a possibly fraudulent web site, the method comprising:
-
identifying a uniform resource locator (“
URL”
) referencing a web site;
(a) a computer verifying that the web site referenced by the URL is active;
(b) a computer analyzing information about a domain referenced by the URL;
(c) a computer analyzing the format of the URL; and
based on a result of each of (a), (b) and (c), categorizing the web site referenced by the URL as a possibly fraudulent web site. - View Dependent Claims (53, 54, 55, 56, 57, 58)
-
-
59. A method of categorizing a web site as a possibly fraudulent web site, wherein the web site comprises a web page, the method comprising:
-
a computer analyzing a uniform resource locator (“
URL”
) referencing the web site;
a computer analyzing a server hosting the web site;
analyzing the web page; and
based on the analysis of the URL referencing the web site, the analysis of the server hosting the web site, and the analysis of the web page, categorizing the web site as a possibly fraudulent web site. - View Dependent Claims (60, 61, 62, 63)
-
-
64. A computer system for categorizing a web site as a possibly fraudulent web site, the computer system comprising a processor and instructions executable by the processor to:
-
access a set of data related to the web site;
divide the set of data into a plurality of components;
analyze at least some of the plurality of components;
assign a score to each of the analyzed components, the score being based on an analysis of each of the analyzed components, such that a plurality of scores are assigned;
assign a composite score to the set of data, the composite score being based on the plurality of scores; and
based on the composite score, categorize the web site as a possibly fraudulent web site.
-
-
65. A computer system for categorizing an email message, the computer system comprising a processor and instructions executable by the processor to:
-
divide the email message into a plurality of components;
analyze at least one of the plurality of components;
based on the analysis of the at least one of the plurality of components, assign a score to the at least one of the plurality of components; and
categorize the email message based on the score assigned to the at least one of the plurality of components.
-
-
66. A computer system for categorizing a web site, the computer system comprising a processor and instructions executable by the processor to:
-
perform a plurality of tests on the web site;
assign a score to each of the plurality of tests;
assign a composite score to the web site based on the scores for each of the plurality of tests; and
categorize the web site based on the composite score.
-
-
67. A computer system for categorizing a domain as a possibly illegitimate domain, the computer system comprising a processor and instructions executable by the processor to:
-
access a domain registration;
perform a plurality of tests with respect to the domain;
for each of the plurality of tests, assign a score to the domain, such that a plurality of scores are assigned to the domain;
assign a composite score to the domain, the composite score being based on the plurality of scores; and
based on the composite score, categorize the domain as a possibly illegitimate domain.
-
-
68. A computer system for categorizing a web site as a possibly fraudulent web site, the computer system comprising a processor and instructions executable by the processor to:
-
identify a uniform resource locator (“
URL”
) referencing a web site;
(a) verify that the web site referenced by the URL is active;
(b) analyze information about a domain referenced by the URL;
(c) analyze the format of the URL; and
based on a result of each of (a), (b) and (c), categorize the web site referenced by the URL as a possibly fraudulent web site.
-
-
69. A computer system for categorizing a web site as a possibly fraudulent web site, wherein the web site comprises a web page, the computer system comprising a processor and instructions executable by the processor to:
-
analyze a uniform resource locator (“
URL”
) referencing the web site;
analyze a server hosting the web site;
analyze the web page; and
based on the analysis of the URL referencing the web site, the analysis of the server hosting the web site, and the analysis of the web page, categorize the web site as a possibly fraudulent web site.
-
-
70. A software program embodied on a computer readable medium, the software program comprising instructions executable by one or more computers to:
-
access a set of data related to a web site;
divide the set of data into a plurality of components;
analyze at least some of the plurality of components;
assign a score to each of the analyzed components, the score being based on an analysis of each of the analyzed components, such that a plurality of scores are assigned;
assign a composite score to the set of data, the composite score being based on the plurality of scores; and
based on the composite score, categorize the web site as a possibly fraudulent web site.
-
-
71. A software program embodied on a computer readable medium, the software program comprising instructions executable by one or more computers to:
-
divide an email message into a plurality of components;
analyze at least one of the plurality of components;
based on the analysis of the at least one of the plurality of components, assign a score to the at least one of the plurality of components; and
categorize the email message based on the score assigned to the at least one of the plurality of components.
-
-
72. A software program embodied on a computer readable medium, the software program comprising instructions executable by one or more computers to:
-
perform a plurality of tests on a web site;
assign a score to each of the plurality of tests;
assign a composite score to the web site based on the scores for each of the plurality of tests; and
categorize the web site based on the composite score.
-
-
73. A software program embodied on a computer readable medium, the software program comprising instructions executable by one or more computers to:
-
access a domain registration;
perform a plurality of tests with respect to a domain associated with the domain registration;
for each of the plurality of tests, assign a score to the domain, such that a plurality of scores are assigned to the domain;
assign a composite score to the domain, the composite score being based on the plurality of scores; and
based on the composite score, categorize the domain as a possibly illegitimate domain.
-
-
74. A software program embodied on a computer readable medium, the software program comprising instructions executable by one or more computers to:
-
identify a uniform resource locator (“
URL”
) referencing a web site;
(a) verify that the web site referenced by the URL is active;
(b) analyze information about a domain referenced by the URL;
(c) analyze the format of the URL; and
based on a result of each of (a), (b) and (c), categorize the web site referenced by the URL as a possibly fraudulent web site.
-
-
75. A software program embodied on a computer readable medium, the software program comprising instructions executable by one or more computers to:
-
analyze a uniform resource locator (“
URL”
) referencing a web site, wherein the web site comprises a web page;
analyze a server hosting the web site;
analyze the web page; and
based on the analysis of the URL referencing the web site, the analysis of the server hosting the web site, and the analysis of the web page, categorize the web site as a possibly fraudulent web site.
-
-
76. A system, comprising:
-
means for accessing a set of data related to a web site;
means for dividing the set of data into a plurality of components;
means for analyzing at least some of the plurality of components;
means for assigning a score to each of the analyzed components, the score being based on an analysis of each of the analyzed components, such that a plurality of scores are assigned;
means for assigning a composite score to the set of data, the composite score being based on the plurality of scores; and
based on the composite score, means for categorizing the web site as a possibly fraudulent web site.
-
-
77. A system, comprising:
-
means for dividing an email message into a plurality of components;
means for analyzing at least one of the plurality of components;
based on the analysis of the at least one of the plurality of components, means for assigning a score to the at least one of the plurality of components; and
means for categorizing the email message based on the score assigned to the at least one of the plurality of components.
-
-
78. A system, comprising:
-
means for performing a plurality of tests on a web site;
means for assigning a score to each of the plurality of tests;
means for assigning a composite score to the web site based on the scores for each of the plurality of tests; and
means for categorizing the web site based on the composite score.
-
-
79. A system, comprising:
-
means for accessing a domain registration;
means for performing a plurality of tests with respect to a domain associated with the domain registration;
for each of the plurality of tests, means for assigning a score to the domain, such that a plurality of scores are assigned to the domain;
means for assigning a composite score to the domain, the composite score being based on the plurality of scores; and
based on the composite score, means for categorizing the domain as a possibly illegitimate domain.
-
-
80. A system, comprising:
-
means for identify a uniform resource locator (“
URL”
) referencing a web site;
means for (a) verifying that the web site referenced by the URL is active;
means for (b) analyzing information about a domain referenced by the URL;
means for (c) analyzing the format of the URL; and
based on a result of each of (a), (b) and (c), means for categorizing the web site referenced by the URL as a possibly fraudulent web site.
-
-
81. A system, comprising:
-
means for analyzing a uniform resource locator (“
URL”
) referencing a web site, wherein the web site comprises a web page;
means for analyzing a server hosting the web site;
means for analyzing the web page; and
based on the analysis of the URL referencing the web site, the analysis of the server hosting the web site, and the analysis of the web page, means for categorizing the web site as a possibly fraudulent web site.
-
Specification