Phishing Detection, Prevention, and Notification

US 20070039038A1
Filed: 09/30/2006
Published: 02/15/2007
Est. Priority Date: 12/02/2004
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving content from a network-based resource;

rendering a user interface of a Web browsing application to display the content received from the network-based resource; and

preventing a phishing attack at least in part by determining that the content is received from the network-based resource in response to a request for the content from a messaging application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Phishing detection, prevention, and notification is described. In an embodiment, a messaging application facilitates communication via a messaging user interface, and receives a communication, such as an email message, from a domain. A phishing detection module detects a phishing attack in the communication by determining that the domain is similar to a known phishing domain, or by detecting suspicious network properties of the domain. In another embodiment, a Web browsing application receives content, such as data for a Web page, from a network-based resource, such as a Web site or domain. The Web browsing application initiates a display of the content, and a phishing detection module detects a phishing attack in the content by determining that a domain of the network-based resource is similar to a known phishing domain, or that an address of the network-based resource from which the content is received has suspicious network properties.

189 Citations

20 Claims

1. A method, comprising:
- receiving content from a network-based resource;
  
  rendering a user interface of a Web browsing application to display the content received from the network-based resource; and
  
  preventing a phishing attack at least in part by determining that the content is received from the network-based resource in response to a request for the content from a messaging application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method as recited in claim 1, wherein preventing the phishing attack includes communicating a warning that the content may contain the phishing attack.
  - 3. A method as recited in claim 1, further comprising communicating a warning to a user via the user interface that the content may contain the phishing attack.
  - 4. A method as recited in claim 1, further comprising communicating a warning to a user via the messaging application that the content may contain the phishing attack.
  - 5. A method as recited in claim 1, wherein preventing the phishing attack includes determining via a referring page and a list of known Web-based email systems that the content is received in response to the request from the messaging application.
  - 6. A method as recited in claim 1, further comprising obtaining a suspicion score from the messaging application, the suspicion score indicating a likelihood of the phishing attack, and wherein preventing the phishing attack includes combining the suspicion score with phishing information corresponding to the network-based resource to further determine the likelihood of the phishing attack.
  - 7. A method as recited in claim 1, further comprising receiving a communication from the messaging application that the content was requested via the messaging application, the messaging application utilizing at least one of a referring page, a URI (Uniform Resource Identifier), a Web browser switch, or a Web browser API (Application Program Interface) to communicate with the Web browsing application.

8. A system, comprising:
- a Web browsing application configured to receive content from a network-based resource and initiate a display of the content on a user interface;
  
  a messaging application configured to facilitate communication via a messaging user interface; and
  
  a phishing detection module configured to prevent a phishing attack by determining that content received from the network-based resource is in response to a request for the content from the messaging application.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. A system as recited in claim 8, wherein the phishing detection module is further configured to communicate a warning that the content may contain the phishing attack.
  - 10. A system as recited in claim 8, wherein the phishing detection module is further configured to communicate a warning to a user via the user interface that the content may contain the phishing attack.
  - 11. A system as recited in claim 8, wherein the phishing detection module is further configured to communicate a warning to a user via the messaging application that the content may contain the phishing attack.
  - 12. A system as recited in claim 8, wherein the phishing detection module is further configured to determine via a referring page and a list of known Web-based email systems that the content is received in response to the request from the messaging application.
  - 13. A system as recited in claim 8, wherein the phishing detection module is further configured to obtain a suspicion score from the messaging application, the suspicion score indicating a likelihood of the phishing attack, and wherein the phishing detection module is further configured to combine the suspicion score with phishing information corresponding to the network-based resource to further determine the likelihood of the phishing attack.
  - 14. A system as recited in claim 8, wherein the messaging application is further configured to communicate to the Web browsing application that the content was requested via the messaging application, the messaging application further configured to utilize at least one of a referring page, a URI (Uniform Resource Identifier), a Web browser switch, or a Web browser API (Application Program Interface) to communicate to the Web browsing application.

15. A system, comprising:
- a Web browsing application configured to receive content from a network-based resource and initiate a display of the content; and
  
  a phishing detection module configured to implement machine learning to detect a phishing attack in the content.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. A system as recited in claim 15, wherein the phishing detection module utilizes discriminative training to implement the machine learning.
  - 17. A system as recited in claim 15, wherein the phishing detection module is further configured to communicate a warning that the content may contain the phishing attack.
  - 18. A system as recited in claim 15, wherein the phishing detection module is further configured to communicate a warning to a user via a user interface of the Web browsing application that the content may contain the phishing attack.
  - 19. A system as recited in claim 15, wherein the phishing detection module is further configured to communicate a warning to a user via a messaging application that the content may contain the phishing attack.
  - 20. A system as recited in claim 15, wherein the phishing detection module is further configured to determine via a referring page and a list of known Web-based email systems that the content is received in response to a request from a messaging application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Rounthwaite, Robert, Mishra, Manav, Penta, Anthony, Averbuch, Aaron, Goodman, Joshua, Hulten, Geoffrey, Richards, Kenneth, Deyo, Roderic, Rehfuss, Paul

Granted Patent

US 8,291,065 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/2
CPC Class Codes

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

H04L 63/1483   service impersonation, e.g....

Phishing Detection, Prevention, and Notification

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

189 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Phishing Detection, Prevention, and Notification

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

189 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links