Phishing Detection, Prevention, and Notification

US 20070033639A1
Filed: 09/30/2006
Published: 02/08/2007
Est. Priority Date: 12/02/2004
Status: Abandoned Application

First Claim

Patent Images

1. A system, comprising a phishing detection module configured to compare a history of user activity to a list of known phishing domains, and further configured to initiate a warning if a domain similar to a known phishing domain is included in the history of user activity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Phishing detection, prevention, and notification is described. In an embodiment, a messaging application facilitates communication via a messaging user interface, and receives a communication, such as an email message, from a domain. A phishing detection module detects a phishing attack in the communication by determining that the domain is similar to a known phishing domain, or by detecting suspicious network properties of the domain. In another embodiment, a Web browsing application receives content, such as data for a Web page, from a network-based resource, such as a Web site or domain. The Web browsing application initiates a display of the content, and a phishing detection module detects a phishing attack in the content by determining that a domain of the network-based resource is similar to a known phishing domain, or that an address of the network-based resource from which the content is received has suspicious network properties.

Citations

20 Claims

1. A system, comprising a phishing detection module configured to compare a history of user activity to a list of known phishing domains, and further configured to initiate a warning if a domain similar to a known phishing domain is included in the history of user activity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A system as recited in claim 1, wherein the phishing detection module is a component of a Web browsing application, and is further configured to initiate the warning to a user to identify a visited Web site as a phishing Web site.
  - 3. A system as recited in claim 1, wherein the phishing detection module is a component of a Web browsing application, and is further configured to maintain a history of data submitted via a Web browsing user interface to one or more visited Web sites.
  - 4. A system as recited in claim 1, wherein the phishing detection module is a component of a Web browsing application, is further configured to maintain a history of data submitted via a Web browsing user interface to one or more visited Web sites, and is further configured to initiate the warning to a user in an event that data is submitted to a phishing Web site.
  - 5. A system as recited in claim 1, wherein the phishing detection module is a component of a messaging application, and is further configured to initiate the warning to a user in an event that a suspected phishing communication is rendered for viewing.
  - 6. A system as recited in claim 1, wherein the phishing detection module is a component of a messaging application, and is further configured to initiate the warning to a user in an event that the user replies to a phishing communication.
  - 7. A system as recited in claim 1, wherein the phishing detection module is a component of a messaging application, and is further configured to initiate the warning to a user in an event that the user communicates a message to a phishing address.
  - 8. A system as recited in claim 1, wherein the phishing detection module is a component of a messaging application, and is further configured to receive a warning message in an event that private information is potentially disclosed.
  - 9. A system as recited in claim 1, further comprising an email server configured to communicate a warning message to the messaging application in an event that private information is potentially disclosed.

10. A method, comprising:
- receiving content from a network-based resource;
  
  rendering a user interface of a Web browsing application to display the content received from the network-based resource;
  
  detecting a suspicious user-selectable link in the content that is a link to at least one of an additional network-based resource, a URL (Uniform Resource Locator), or an email address; and
  
  generating a warning that explains why the user-selectable link is suspicious.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. A method as recited in claim 10, wherein generating the warning includes generating the warning to explain that the user-selectable link includes at least one of an “
    - @”
      
      sign, suspicious encoding, an IP (Internet Protocol) address, a redirector, a link text and a mismatched URL (Uniform Resource Locator), or that the user-selectable link is a known phishing site.
  - 12. A method as recited in claim 10, wherein detecting the suspicious user-selectable link includes detecting that the user-selectable link is similar to a known fraudulent target.
  - 13. A method as recited in claim 10, wherein generating the warning includes generating the warning to explain a difference between a valid user-selectable link and the suspicious user-selectable link.
  - 14. A method as recited in claim 10, wherein detecting the suspicious user-selectable link includes detecting that the user-selectable link includes suspicious text content.
  - 15. A method as recited in claim 10, wherein detecting the suspicious user-selectable link includes detecting that the user-selectable link includes suspicious text content in a title bar of the user interface of the Web browsing application.

16. A method, comprising:
- rendering a messaging user interface to facilitate communication via a messaging application;
  
  receiving a communication from a domain;
  
  detecting a suspicious user-selectable link in the communication that is a link to at least one of a network-based resource, a URL (Uniform Resource Locator), or an email address; and
  
  generating a warning that explains why the user-selectable link is suspicious.
- View Dependent Claims (17, 18, 19, 20)
- - 17. A method as recited in claim 16, wherein generating the warning includes generating the warning to explain that the user-selectable link includes at least one of an “
    - @”
      
      sign, suspicious encoding, an IP (Internet Protocol) address, a redirector, or link text and a mismatched URL (Uniform Resource Locator).
  - 18. A method as recited in claim 16, wherein detecting the suspicious user-selectable link includes detecting that the user-selectable link is similar to a known fraudulent target.
  - 19. A method as recited in claim 16, wherein generating the warning includes generating the warning to explain a difference between a valid user-selectable link and the suspicious user-selectable link.
  - 20. A method as recited in claim 16, wherein detecting the suspicious user-selectable link includes detecting that the user-selectable link includes at least one of a suspicious sender address, or display name.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Rounthwaite, Robert, Mishra, Manav, Averbuch, Aaron, Goodman, Joshua, Penta, Anthony, Hulten, Geoffrey, Richards, Kenneth, Deyo, Roderict, Rehfuss, Paul

Application Number

US11/537,640
Publication Number

US 20070033639A1
Time in Patent Office

Days
Field of Search
US Class Current

726/2
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1466   Active attacks involving in...

H04L 63/1483   service impersonation, e.g....

Phishing Detection, Prevention, and Notification

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Phishing Detection, Prevention, and Notification

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links