Attack resistant phishing detection
Abstract
A phishing detection server component and method is provided. The component can be employed as part of a system to detect phishing attacks. The phishing detection server component can receive password reuse event (PRE) report(s), for example, from a protection component of client component(s). Due to the malicious nature of phishing in general, the phishing detection server component can be susceptible to attacks by phishers (e.g., by reverse engineering of the client component). For example, false report(s) of PREs can be received from phisher(s) in an attempt to overwhelm the server component, induce false positives and/or induce false negatives. Upon receipt of a PRE report, the phishing detection server component can first verify that the timestamp(s) are genuine (e.g., previously generated by the phishing detection server component). The report verification component can employ the timestamp(s) to verify veracity of the report (e.g., to minimize attacks by phishers).
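
An added sketch of the two-step check the abstract describes (not code from the patent): the server authenticates each timestamp it issues so it can later recognize it as genuine, then uses the trusted time to flag false reports. HMAC-SHA256, the one-hour freshness window, the replay rule, the handling of forged timestamps and all names and report fields are assumptions; the patent text here does not specify them.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret MAC key held only by the server
MAX_AGE_S = 3600                      # assumption: a report must arrive within one hour

class ReportStore:
    """Stores PRE reports; false ones are kept but flagged."""
    def __init__(self):
        self.reports = []
        self.seen_tokens = set()

    def add(self, report, is_false):
        self.reports.append({**report, "false": is_false})

    def usable(self):
        # Only reports not flagged false are employed for phishing analysis.
        return [r for r in self.reports if not r["false"]]

def _mac(ts: int) -> str:
    return hmac.new(SERVER_KEY, str(ts).encode(), hashlib.sha256).hexdigest()

def issue_timestamp(now: int) -> str:
    """Server side: give the client a timestamp it cannot forge or alter."""
    return f"{now}:{_mac(now)}"

def verify_report(store: ReportStore, report: dict, now: int) -> str:
    """Return 'forged', 'false' or 'accepted' for one PRE report."""
    ts_text, _, tag = report["timestamp"].partition(":")
    # Step 1: was this timestamp generated by this server?
    if not (ts_text.isascii() and ts_text.isdigit()):
        return "forged"
    if not hmac.compare_digest(tag.encode(), _mac(int(ts_text)).encode()):
        return "forged"  # assumption: such reports are dropped without being stored
    # Step 2: use the now-trusted timestamp to judge the report itself.
    age = now - int(ts_text)
    replayed = report["timestamp"] in store.seen_tokens  # assumption: one report per token
    is_false = age < 0 or age > MAX_AGE_S or replayed
    store.seen_tokens.add(report["timestamp"])
    store.add(report, is_false)  # false reports are stored with the indication set
    return "false" if is_false else "accepted"

if __name__ == "__main__":
    store, t0 = ReportStore(), 1_700_000_000           # constructed sample values
    token = issue_timestamp(t0)
    report = {"site": "login.example", "timestamp": token}
    print(verify_report(store, report, t0 + 60))       # fresh, genuine timestamp
    print(verify_report(store, report, t0 + 90))       # same token sent again
```
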
20 Claims
1. A phishing detection server component, comprising:
- a report store that stores information regarding password reuse event reports employed to perform phishing analysis; and
- a report verification component that receives a password reuse event report comprising a timestamp, the verification component first determines whether the timestamp is genuine, and, if it is genuine, employs the timestamp to determine whether the report is false, and, if the report is determined to be false, stores an indication that the report is false and not to be employed to perform phishing analysis.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A phishing detection server component, comprising:
- a report store that stores information regarding password reuse event reports employed to perform phishing analysis; and
- a report verification component that receives password reuse event reports from a plurality of client components, each report comprising a timestamp, the report verification component analyzes the reports to ascertain a suspected phishing site and a target.
Dependent claims: 15, 16
17. A method of verifying a password reuse event report, comprising:
- receiving the password reuse event report, the report comprising information regarding a client's protected credential;
- determining that phishing has occurred; and
- providing a target with user information of a phished user.
Dependent claims: 18, 19, 20
Specification