Method and apparatus for detecting and reporting phishing attempts

US 20080244715A1
Filed: 03/27/2007
Published: 10/02/2008
Est. Priority Date: 03/27/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method for detecting phishing, wherein phishing is an attempt to fraudulently acquire sensitive information by masquerading as a legitimate entity, the method comprising:

receiving data from a server at a client;

determining if a code within the data matches a code within data provided by a known entity;

if so, determining if other attributes in the data match attributes in the data provided by the known entity; and

if not, determining that the data comprises a phishing attempt.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment of the present invention provides a system that facilitates detecting phishing, wherein phishing is an attempt to fraudulently acquire sensitive information by masquerading as a legitimate entity. The system operates by receiving data from a server at a client. Next, the system determines if an attribute (such as a visual appearance of a presentation) encoded in the data matches an attribute encoded in data provided by a known entity. If so, the system determines if other attributes in the data match attributes in the data provided by the known entity. If not, the system determines that the data comprises a phishing attempt.

51 Citations

View as Search Results

25 Claims

1. A method for detecting phishing, wherein phishing is an attempt to fraudulently acquire sensitive information by masquerading as a legitimate entity, the method comprising:
- receiving data from a server at a client;
  
  determining if a code within the data matches a code within data provided by a known entity;
  
  if so, determining if other attributes in the data match attributes in the data provided by the known entity; and
  
  if not, determining that the data comprises a phishing attempt.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the code within the data includes code that generates visual elements.
  - 3. The method of claim 2, wherein the code that generates visual elements includes HyperText Markup Language (HTML) or eXtensible Markup Language (XML).
  - 4. The method of claim 1, wherein if it is determined that the data comprises a phishing attempt, the method further involves notifying the known entity that a phishing attempt was detected.
  - 5. The method of claim 1, wherein receiving the data from the server at the client involves receiving the data from an email server at an email client.
  - 6. The method of claim 1, wherein receiving the data from the server at the client involves receiving data from a web server in a web browser.
  - 7. The method of claim 5, wherein if it is determined that the data comprises a phishing attempt, the method further involves notifying the user that the data comprises a phishing attempt.
  - 8. The method of claim 7, wherein after notifying the user that the data comprises a phishing attempt, the method further involves receiving a command from the user, wherein the command includes at least one of:
    - instructing the web browser to abort loading the data;
      
      instructing the web browser to continue loading the data; and
      
      instructing the web browser to load the known data.
  - 9. The method of claim 1, wherein the other attributes includes at least one of:
    - a digital certificate;
      
      a visual appearance;
      
      a digital watermark;
      
      a token;
      
      an image recognition signature;
      
      an Internet Protocol (IP) address; and
      
      a Uniform Resource Locator (URL).
  - 10. The method of claim 1, wherein the process of determining if the other attributes of the data match attributes of the known entity takes place at one of:
    - a web browser;
      
      a web browser plug-in;
      
      an email client;
      
      an email client plug-in;
      
      an email server;
      
      a standalone application;
      
      a service executing on the client; and
      
      a proxy server coupled between the server and the client.
  - 11. The method of claim 1, further comprising:
    - receiving a response from the user indicating that the data is suspected to comprise a phishing attempt; and
      
      in response to the request, notifying the known entity that a phishing attempt has been detected.
  - 12. The method of claim 1, further comprising periodically updating a database containing data associated with known entities.

13. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for detecting phishing, wherein phishing is an attempt to fraudulently acquire sensitive information by masquerading as a legitimate entity, the method comprising:
- receiving data from a server at a client;
  
  determining if a code within the data matches a code within data provided by a known entity;
  
  if so, determining if other attributes in the data match attributes in the data provided by the known entity; and
  
  if not, determining that the data comprises a phishing attempt.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The method of claim 13, wherein the code within the data includes code that generates visual elements.
  - 15. The method of claim 14, wherein the code that generates visual elements includes HyperText Markup Language (HTML) or extensible Markup Language (XML).
  - 16. The computer-readable storage medium of claim 13, wherein if it is determined that the data comprises a phishing attempt, the method further involves notifying the known entity that a phishing attempt was detected.
  - 17. The computer-readable storage medium of claim 13, wherein receiving the data from the server at the client involves receiving the data from an email server at an email client.
  - 18. The computer-readable storage medium of claim 13, wherein receiving the data from the server at the client involves receiving data from a web server in a web browser.
  - 19. The computer-readable storage medium of claim 18, wherein if it is determined that the data comprises a phishing attempt, the method further involves notifying the user that the data comprises a phishing attempt.
  - 20. The computer-readable storage medium of claim 19, wherein after notifying the user that the data comprises a phishing attempt, the method further involves receiving a command from the user, wherein the command includes at least one of:
    - instructing the web browser to abort loading the data;
      
      instructing the web browser to continue loading the data; and
      
      instructing the web browser to load the known data.
  - 21. The computer-readable storage medium of claim 13, wherein the other attributes includes at least one of:
    - a digital certificate;
      
      a visual appearance;
      
      a digital watermark;
      
      a token;
      
      an image recognition signature;
      
      an Internet Protocol (IP) address; and
      
      a Uniform Resource Locator (URL).
  - 22. The computer-readable storage medium of claim 13, wherein the process of determining if the other attributes of the data match attributes of the known entity takes place at one of:
    - a web browser;
      
      a web browser plug-in;
      
      an email client;
      
      an email client plug-in;
      
      an email server;
      
      a standalone application;
      
      a service executing on the client; and
      
      a proxy server coupled between the server and the client.
  - 23. The computer-readable storage medium of claim 13, wherein the method further comprises:
    - receiving a response from the user indicating that the data is suspected to comprise a phishing attempt; and
      
      in response to the request, notifying the known entity that a phishing attempt has been detected.
  - 24. The computer-readable storage medium of claim 13, wherein the method further comprises periodically updating a database containing data associated with known entities.

25. An apparatus configured to detect phishing, wherein phishing is an attempt to fraudulently acquire sensitive information by masquerading as a legitimate entity, comprising:
- a receiving mechanism configured to receive data from a server at a client;
  
  a determination mechanism configured to determine if a code within the data matches a code within data provided by a known entity;
  
  wherein the determination mechanism is further configured to determine if other attributes in the data match attributes in the data provided by the known entity if the visual appearance of the presentation encoded in the data matches the visual appearance of the presentation encoded in data provided by the known entity; and
  
  wherein the determination mechanism is further configured to determine that the data comprises a phishing attempt if other attributes in the data do not match attributes in the data provided by the known entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intuit, Inc.
Original Assignee
Intuit, Inc.
Inventors
Pedone, Tim

Application Number

US11/729,077
Publication Number

US 20080244715A1
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

H04L 63/1441 Countermeasures against mal...

H04L 63/1491 using deception as counterm...

Method and apparatus for detecting and reporting phishing attempts

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

51 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for detecting and reporting phishing attempts

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links