Method and system for phishing detection
First Claim
1. A method for detection of phishing attempts in received electronic mail messages in a networked environment including a plurality of personal computers, and electronic mail server, the method comprising:
receiving an incoming electronic mail message, wherein said electronic mail message includes an address;
retrieving the source code of said incoming message;
retrieving text as displayed to the recipient of said electronic message;
retrieving a list of all specified addresses from said retrieved source code;
applying visual character normalization to each said specified address to develop all possible address combinations and to form a normalized address list;
removing said specified addresses from said normalized address list to create a revised address list;
performing comparison tests to determine if each address in said revised address list is a valid address;
returning a message to said recipient that said electronic message may be a forgery if a tested address is found to be not valid;
performing said comparison tests on another address in said revised address list if said tested address is found to be valid; and
informing said recipient that said electronic message is valid and accepted if said tested address is found to be valid.
Abstract
A method for detection of phishing attempts in received electronic mail messages includes retrieving the source code, displayed text, and a list of all specified addresses contained within the source code of a received electronic message. Visual character normalization is applied to each specified address to develop all possible address combinations and to form a normalized address list. The specified addresses are removed from the normalized address list to create a revised address list, upon which comparison tests are performed to determine if each address in the revised address list is from a valid source. The recipient of the electronic message is informed of any message found to be from an invalid source.
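An added illustration of the steps in the abstract, not code from the patent: it extracts the addresses from a constructed message source, expands each one with a small constructed look-alike table, removes the addresses as written, and tests what remains. The text on this page does not define the comparison tests; matching a variant against a constructed `TRUSTED` list is an assumption, as are all function and variable names.

```python
import re
from itertools import product

# Constructed look-alike table (assumption; a production table would be larger).
CONFUSABLES = {"0": "o", "o": "0", "1": "li", "l": "1i", "i": "l1",
               "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p"}  # Cyrillic
MULTI = {"rn": "m", "vv": "w"}                 # two-character look-alikes
TRUSTED = {"paypal.com", "example-bank.com"}   # constructed reference list

# Constructed sample of raw message source.
SAMPLE_SOURCE = (
    'From: "Support" <service@exarnple-bank.com>\n'
    '<a href="http://paypa1.com/login">Sign in to your account</a>\n'
    '<a href="https://docs.example.org/help">Help</a>\n'
)

def specified_addresses(source):
    """Host names of every URL and mail address written in the source."""
    hosts = re.findall(r"https?://([^/\s\"'<>:?#]+)", source, re.I)
    hosts += re.findall(r"[\w.+-]+@([^\s\"'<>;,]+)", source)
    return {h.lower().rstrip(".") for h in hosts}

def normalized_variants(host, limit=4096):
    """Every spelling of host reachable by swapping look-alike characters."""
    bases = {host}
    for pair, single in MULTI.items():
        bases |= {b.replace(pair, single) for b in bases}
    out = set()
    for base in sorted(bases):
        choices = [ch + CONFUSABLES.get(ch, "") for ch in base]
        for combo in product(*choices):
            out.add("".join(combo))
            if len(out) >= limit:      # cap the combinatorial blow-up
                return out
    return out

def check_message(source):
    """Map each specified host to the trusted hosts it visually imitates."""
    specified = specified_addresses(source)
    findings = {}
    for host in sorted(specified):
        revised = normalized_variants(host) - specified   # revised address list
        hits = sorted(revised & TRUSTED)                  # assumed comparison test
        if hits:
            findings[host] = hits
    return findings

if __name__ == "__main__":
    for host, imitated in check_message(SAMPLE_SOURCE).items():
        print(f"possible forgery: {host} resembles {', '.join(imitated)}")
```

Because the addresses as written are removed before testing, a message that also contains the genuine domain is not flagged under this reading of the steps. The `limit` argument bounds the number of combinations generated for long host names.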
20 Claims
13. A system for detection of phishing attempts in received electronic mail messages in a networked environment including a plurality of personal computers, and electronic mail server, the method comprising:
means for receiving an incoming electronic mail message, wherein said electronic mail message includes an address;
means for retrieving the source code of said incoming message;
means for retrieving text as displayed to the recipient of said electronic message;
means for retrieving a list of all specified addresses from said retrieved source code;
means for applying visual character normalization to each said specified address to develop all possible address combinations and to form a normalized address list;
means for removing said specified addresses from said normalized address list to create a revised address list;
means for performing comparison tests to determine if each address in said revised address list is a valid address;
means for returning a message to said recipient that said electronic message may be a forgery if a tested address is found to be not valid;
means for performing said comparison tests on another address in said revised address list if said tested address is found to be valid; and
means for informing said recipient that said electronic message is valid and accepted if said tested address is found to be valid.
19. A computer-readable storage medium having computer readable program code embodied in said medium which, when said program code is executed by a computer causes said computer to perform method steps for detection of phishing attempts in received electronic mail messages in a networked environment including a plurality of personal computers, an electronic mail server, the method comprising:
receiving an incoming electronic mail message, wherein said electronic mail message includes an address;
retrieving the source code of said incoming message;
retrieving text as displayed to the recipient of said electronic message;
retrieving a list of all specified addresses from said retrieved source code;
applying visual character normalization to each said specified address to develop all possible address combinations and to form a normalized address list;
removing said specified addresses from said normalized address list to create a revised address list;
performing comparison tests to determine if each address in said revised address list is a valid address;
returning a message to said recipient that said electronic message may be a forgery if a tested address is found to be not valid;
performing said comparison tests on another address in said revised address list if said tested address is found to be valid; and
informing said recipient that said electronic message is valid and accepted if said tested address is found to be valid.
Specification