Online fraud solution

US 20070299777A1
Filed: 11/23/2004
Published: 12/27/2007
Est. Priority Date: 05/02/2004
Status: Active Grant

First Claim

Patent Images

1. In a relationship between a fraud protection provider and a customer, a system for combating online fraud, the system comprising:

a monitoring center for monitoring suspicious online activity, the monitoring center comprising;

a first computer, the first computer comprising a processor and instructions executable by the first computer to allow an analysis of an investigation of a uniform resource locator;

a first telecommunication link configured to provide communication between a technician and the customer, such that the technician can notify the customer of a result of the investigation of a uniform resource locator and the customer can provide instructions for responding to a fraudulent attempt to collect personal information; and

a second telecommunication link configured to provide data communication between the monitoring center and at least one additional computer; and

a second computer in communication with the monitoring center via the second telecommunication link, the second computer including a second processor and instructions executable by the second processor to;

access a data source comprising data about a possible fraudulent activity;

acquire from the data source the data about the possible fraudulent activity;

evaluate the data to determine whether the possible fraudulent activity should be investigated; and

investigate a uniform resource locator associated with the data to determine whether a server referenced by the uniform resource locator is associated with a fraudulent attempt to collect personal information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments of the invention provide solutions (including inter alia, systems, methods and software) for dealing with online fraud. Some embodiments function to access and/or obtain information from (and/or receive data from) a data source; the data might, for example, indicate a possible instance of online fraud. Certain embodiments, therefore, can be configured to analyze the data, e.g., to determine whether the data indicate a likely instance of online fraud. Such instances may be further investigated, and/or a response may be initiated. Data sources can include, without limitation, web pages, email messages, online chat sessions, domain zone files, newsgroups (and/or postings thereto), etc. Data obtained from the data sources can include, without limitation, suspect domain registrations, uniform resource locators, references to trademarks, advertisements, etc.

203 Citations

35 Claims

1. In a relationship between a fraud protection provider and a customer, a system for combating online fraud, the system comprising:
- a monitoring center for monitoring suspicious online activity, the monitoring center comprising;
  
  a first computer, the first computer comprising a processor and instructions executable by the first computer to allow an analysis of an investigation of a uniform resource locator;
  
  a first telecommunication link configured to provide communication between a technician and the customer, such that the technician can notify the customer of a result of the investigation of a uniform resource locator and the customer can provide instructions for responding to a fraudulent attempt to collect personal information; and
  
  a second telecommunication link configured to provide data communication between the monitoring center and at least one additional computer; and
  
  a second computer in communication with the monitoring center via the second telecommunication link, the second computer including a second processor and instructions executable by the second processor to;
  
  access a data source comprising data about a possible fraudulent activity;
  
  acquire from the data source the data about the possible fraudulent activity;
  
  evaluate the data to determine whether the possible fraudulent activity should be investigated; and
  
  investigate a uniform resource locator associated with the data to determine whether a server referenced by the uniform resource locator is associated with a fraudulent attempt to collect personal information.
- View Dependent Claims (2)
- - 2. A system for combating online fraud as recited in claim 1, wherein the data source is selected from the group consisting of a domain registration zone file, a newsgroup, an online chat room, and an email message.

3. In a relationship between a fraud protection provider and a customer, a computer system for combating online fraud, the computer system comprising:
- a processor; and
  
  a computer readable medium in communication with the processor, the computer readable medium comprising instructions executable by the processor to;
  
  access a data source comprising data about a possible fraudulent activity;
  
  acquire from the data source the data about the possible fraudulent activity;
  
  evaluate the data to determine whether the possible fraudulent activity should be investigated;
  
  investigate a uniform resource locator associated with the data to determine whether a server referenced by the uniform resource locator is associated with a fraudulent attempt to collect personal information; and
  
  initiate a response to the fraudulent attempt to collect personal information.

4. A computer system for investigating a suspicious uniform resource locator to determine whether a server referenced by the uniform resource locator may be involved in fraudulent activity, the computer system comprising:
- a processor; and
  
  a computer readable medium in communication with the processor, the computer readable medium comprising instructions executable by the processor to;
  
  access a data source to obtain data about a possible fraudulent activity;
  
  ascertain from the data a uniform resource locator that might be involved with the possible fraudulent activity;
  
  ascertain an address associated with a server referenced by the uniform resource locator;
  
  obtain information about an address the uniform resource locator appears to reference;
  
  compare the ascertained address with the information about the address the uniform resource locator appears to reference; and
  
  based on the comparison of the ascertained address and the information about the address the uniform resource locator appears to reference, determine whether the uniform resource locator is fraudulent.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 5. A computer system as recited in claim 4, wherein the information about the address the uniform resource locator appears to reference comprises information about an owner of the address.
  - 6. A computer system as recited in claim 4, wherein the information about the address the uniform resource locator appears to reference comprises information about a domain registered with respect to the address.
  - 7. A computer system as recited in claim 4, wherein the data source comprises a web page.
  - 8. A computer system as recited in claim 4, wherein the data source comprises an email message.
  - 9. A computer system as recited in claim 4, wherein the data source comprises an online chat session.
  - 10. A computer system as recited in claim 4, wherein the data source comprises a newsgroup.
  - 11. A computer system as recited in claim 4, wherein the data source comprises a domain registration zone file.
  - 12. A computer system as recited in claim 11, wherein the data about a possible fraudulent activity comprises a suspect domain registration.
  - 13. A computer system as recited in claim 4, wherein the data about a possible fraudulent activity comprises an advertisement.
  - 14. A computer system as recited in claim 4, wherein the data about a possible fraudulent activity comprises a reference to a trademark.

15. A method of combating online fraud, the method comprising:
- accessing with a computer a data source comprising data about a possible fraudulent activity;
  
  acquiring from the data source the data about the possible fraudulent activity;
  
  evaluating the data to determine whether the possible fraudulent activity should be investigated; and
  
  investigating a uniform resource locator associated with the data to determine whether a server referenced by the uniform resource locator is associated with a fraudulent activity.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 16. A method of combating online fraud as recited in claim 15, wherein the fraudulent activity comprises a fraudulent attempt to collect personal information from a user.
  - 17. A method of combating online fraud as recited in claim 15, the method further comprising:
    - initiating a response to the fraudulent activity.
  - 18. A method of combating online fraud as recited in claim 17, wherein initiating a response to the fraudulent attempt to collect personal information comprises:
    - submitting for reception by the server referenced by the uniform resource locator a plurality of substantially simultaneous hypertext transfer protocol (“
      
      HTTP”
      
      ) requests.
  - 19. A method of combating online fraud as recited in claim 18, wherein each of the HTTP requests comprises a response to a request from the server for personal information.
  - 20. A method of combating online fraud as recited in claim 19, wherein each of the HTTP requests comprises a set of safe data associated with a fictitious identity, and wherein each set of safe data appears to comprise a valid response to the request from the server for personal information.
  - 21. A method of combating online fraud as recited in claim 19, wherein the request from the server comprises an online form.
  - 22. A method of combating online fraud as recited in claim 18,wherein the plurality of substantially simultaneous HTTP requests is sufficient to substantially prevent the server from responding to an HTTP request submitted by a third party.
  - 23. A method of combating online fraud as recited in claim 18, the method further comprising:
    - implementing at least one countermeasure to defeat an attempt to filter the HTTP requests.
  - 24. A method of combating online fraud as recited in claim 18, wherein the plurality of substantially simultaneous HTTP requests exceed a threshold for simultaneous HTTP connections, the threshold being established by a connection table maintained by the server.
  - 25. A method of combating online fraud as recited in claim 24, wherein initiating a response to the fraudulent activity further comprises:
    - determining, based on a response from the server, whether the plurality of substantially simultaneous HTTP requests has exceeded the threshold for simultaneous HTTP connections.
  - 26. A method of combating online fraud as recited in claim 18, wherein initiating a response to the fraudulent activity further comprises:
    - continually sending a plurality of substantially simultaneous HTTP requests over a certain period of time, such that the server is substantially unable to respond, for the certain period of time, to an HTTP request submitted by a third party.
  - 27. A method of combating online fraud as recited in claim 18, wherein the plurality of substantially simultaneous HTTP requests are not sufficient to impair a network infrastructure providing communication with the server.
  - 28. A method of combating online fraud as recited in claim 17, wherein initiating a response to the fraudulent activity comprises:
    - interfacing with a plurality of distributed computers; and
      
      instructing the plurality of distributed computers to submit at least one HTTP request to the server.
  - 29. A method of combating online fraud as recited in claim 28, wherein each of the plurality of distributed computers is associated with one of a diverse plurality of IP addresses, such that each of the plurality of distributed computers is associated with an IP address dissimilar to the rest of the diverse plurality of IP addresses.
  - 30. A method of combating online fraud as recited in claim 29, wherein each of the diverse plurality of IP addresses is associated with one of a plurality of retail Internet service providers.

31. A method of investigating a suspicious uniform resource locator to determine whether a server referenced by the uniform resource locator may be involved in fraudulent activity, the method comprising:
- accessing with a computer a data source to obtain data about a possible fraudulent activity;
  
  ascertaining from the data a uniform resource locator that might be involved with the possible fraudulent activity;
  
  ascertaining an address associated with a server referenced by the uniform resource locator;
  
  obtaining information about an address the uniform resource locator appears to reference;
  
  comparing the ascertained address with the information about the address the uniform resource locator appears to reference; and
  
  based on the comparison of the ascertained address and the information about the address the uniform resource locator appears to reference, determining whether the uniform resource locator is fraudulent.

32. A system for combating online fraud, the system comprising:
- means for accessing a data source comprising data about a possible fraudulent activity;
  
  means for acquiring from the data source the data about the possible fraudulent activity;
  
  means for evaluating the data to determine whether the possible fraudulent activity should be investigated; and
  
  means for investigating a uniform resource locator associated with the data to determine whether a server referenced by the uniform resource locator is associated with a fraudulent attempt to collect personal information.

33. A system for investigating a suspicious uniform resource locator to determine whether a server referenced by the uniform resource locator may be involved in fraudulent activity, the system comprising:
- means for accessing a data source to obtain data about a possible fraudulent activity;
  
  means for ascertaining from the data a uniform resource locator that might be involved with the possible fraudulent activity;
  
  means for ascertaining an address associated with a server referenced by the uniform resource locator;
  
  means for obtaining information about an address the uniform resource locator appears to reference;
  
  means for comparing the ascertained address with the information about the address the uniform resource locator appears to reference; and
  
  means for determining, based on the comparison of the ascertained address and the information about the address the uniform resource locator appears to reference, whether the uniform resource locator is fraudulent.

34. A software program embodied on a computer-readable medium, the software program comprising instructions executable by a computer to:
- access a data source comprising data about a possible fraudulent activity;
  
  acquire from the data source the data about the possible fraudulent activity;
  
  evaluate the data to determine whether the possible fraudulent activity should be investigated; and
  
  investigate a uniform resource locator associated with the data to determine whether a server referenced by the uniform resource locator is associated with a fraudulent attempt to collect personal information.

35. A software program embodied on a computer-readable medium, the software program comprising instructions executable by a computer to:
- access a data source to obtain data about a possible fraudulent activity;
  
  ascertain from the data a uniform resource locator that might be involved with the possible fraudulent activity;
  
  ascertain an address associated with a server referenced by the uniform resource locator;
  
  obtain information about an address the uniform resource locator appears to reference;
  
  compare the ascertained address with the information about the address the uniform resource locator appears to reference; and
  
  determine, based on the comparison of the ascertained address and the information about the address the uniform resource locator appears to reference, whether the uniform resource locator is fraudulent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Thomson Reuters Global Resources
Original Assignee
MarkMonitor Inc.
Inventors
Shraim, Ihab, Shull, Mark

Granted Patent

US 9,203,648 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/51
CPC Class Codes

G06Q 10/107   Computer-aided management o...

H04L 51/212   using filtering or selectiv...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04L 63/1483   service impersonation, e.g....

H04L 63/1491   using deception as counterm...

Online fraud solution

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

203 Citations

35 Claims

Specification

Use Cases

Quick Links

Others

Online fraud solution

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

203 Citations

35 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others