DEVICES, SYSTEMS AND COMPUTER-IMPLEMENTED METHODS FOR PREVENTING PASSWORD LEAKAGE IN PHISHING ATTACKS
First Claim
1. A computer-implemented method, comprising:
- requesting, by a web browser, a webpage of a website over a computer network;
waiting for the requested webpage and all of the resources of the requested webpage to be loaded in the web browser;
waiting for an event on the loaded webpage;
identifying forms on the loaded webpage having fields associated with user credentials;
adding, to the identified forms, at least one of:
an input event listener to at least one of the identified fields, and
a click event listener to at least one button or link belonging to the identified forms;
capturing user credentials input to at least one of the forms using the input event listener and/or the click event listener;
generating hashes of the captured user credentials by applying a key-stretching algorithm using a cryptographic salt to the captured user credentials;
storing the generated hashes in a memory, and
preventing leakage of user credentials to phishing websites by comparing the generated hashes stored in the memory with entries of a list of trusted websites hashed credentials and by requesting and acting upon input indicative of whether the website is trusted or whether the website is unknown and/or untrusted.
Abstract
A computer-implemented method of preventing leakage of user credentials to phishing websites may comprise capturing user credentials input to a website; updating a stored list of trusted website credentials upon determining that the domain of the URL of the website is present in a stored list of trusted websites; generating a hash of the captured user credentials; determining whether the hashed user credentials match one of the hashed user credentials in the list of trusted website credentials; and when a match is found, requesting input whether the website is trusted or whether the website is unknown and/or untrusted; sending the URL to a remote computer server when the input indicates that the website is unknown and/or untrusted and disallowing submission of the user credentials to the website; adding the domain of the URL to the stored list of trusted websites, adding the generated hash of the captured user credentials to a stored list of trusted website credentials and allowing submission of the user credentials to the website.
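An added sketch of the decision flow the abstract describes (illustrative, not code from the patent). scrypt stands in for the unnamed key-stretching algorithm; `CredentialGuard`, `askUser`, the allow-on-no-match branch, using the hostname as the domain, and the sample URLs are assumptions.

```javascript
const crypto = require('crypto');

// Assumption: scrypt as the key-stretching algorithm; the claim names none.
const SALT = crypto.randomBytes(16); // per-installation salt, stored locally

function stretch(username, password) {
  // Length-prefix the username so ("ab","c") and ("a","bc") hash differently.
  const material = `${username.length}:${username}${password}`;
  return crypto.scryptSync(material, SALT, 32).toString('hex');
}

class CredentialGuard {
  constructor(trustedDomains = []) {
    this.trustedDomains = new Set(trustedDomains);
    this.trustedHashes = new Set(); // only stretched hashes are stored
    this.reported = []; // stand-in for sending the URL to a remote server
  }
  // askUser(url) is a hypothetical prompt returning 'trusted' or 'untrusted'.
  onSubmit(url, username, password, askUser) {
    const domain = new URL(url).hostname; // assumption: hostname as "domain"
    const hash = stretch(username, password);
    if (this.trustedDomains.has(domain)) {
      this.trustedHashes.add(hash); // update the trusted credentials list
      return 'allow';
    }
    // Assumption: credentials matching no trusted hash are not intercepted.
    if (!this.trustedHashes.has(hash)) return 'allow';
    // A trusted site's credentials typed into an unlisted site: ask the user.
    if (askUser(url) === 'trusted') {
      this.trustedDomains.add(domain);
      this.trustedHashes.add(hash);
      return 'allow';
    }
    this.reported.push(url);
    return 'block'; // disallow submission
  }
}

// Constructed sample submissions (reserved example domains).
function demo() {
  const guard = new CredentialGuard(['bank.example.com']);
  const decisions = [
    guard.onSubmit('https://bank.example.com/login', 'alice', 'S3cret!', () => 'untrusted'),
    guard.onSubmit('https://bank-login.example.net/', 'alice', 'S3cret!', () => 'untrusted'),
    guard.onSubmit('https://forum.example.org/', 'alice', 'other-pw', () => 'untrusted'),
    guard.onSubmit('https://sso.example.net/', 'alice', 'S3cret!', () => 'trusted'),
  ];
  return { decisions, guard };
}
```

In a browser the `onSubmit` call would be driven by the input and click listeners the claim attaches to credential forms; here it is called directly so the decision logic can be exercised on its own.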
20 Claims
11. A computing device comprising:
at least one processor;
at least one data storage device coupled to the at least one processor;
a network interface coupled to the at least one processor and to a computer network;
a plurality of processes spawned by said at least one processor, the processes including processing logic for:
requesting a webpage of a website over a computer network;
waiting for the requested webpage and all of the resources of the requested webpage to be loaded in the web browser;
waiting for an event on the loaded webpage;
identifying forms on the loaded webpage having fields associated with user credentials;
adding, to the identified forms, at least one of:
an input event listener to at least one of the identified fields, and
a click event listener to at least one button or link belonging to the identified forms;
capturing user credentials input to at least one of the forms using the input event listener and/or the click event listener;
generating hashes of the captured user credentials by applying a key-stretching algorithm using a cryptographic salt to the captured user credentials;
storing the generated hashes in a memory, and
preventing leakage of user credentials to phishing websites by comparing the generated hashes stored in the memory with entries of a list of trusted websites hashed credentials and by requesting and acting upon input indicative of whether the website is trusted or whether the website is unknown and/or untrusted.
Specification