Phishing detection, prevention, and notification
First Claim
1. One or more computer-readable storage media embodying computer readable instructions which, when executed, implement a method comprising:
- rendering a messaging user interface to facilitate communication via a messaging application;
receiving a communication from a domain that is located in a country; and
detecting a phishing attack in the communication by at least one of determining that the domain from which the communication is received is similar to a known phishing domain and detecting suspicious network properties of the domain from which the communication is received;
wherein detecting suspicious network properties includes the following;
detecting that the communication is received from the domain which is a newly established domain on the internet;
detecting that the communication is received from the domain which has a low static rank;
detecting that the content of the domain which includes multiple user-selectable links to a first network-based resource and the first network-based resource is configured to submit form data to a second network-based resource;
detecting that an IP (Internet protocol) address corresponding to the domain does not correlate with the country where the domain is located; and
detecting a phishing attack in the communication at least in part by examining a user-selectable link within the communication, wherein the communication contains a user-selectable link to a web site with a minimal amount of content or a user-selectable link to a little-trafficked site.
2 Assignments
0 Petitions
Accused Products
Abstract
Phishing detection, prevention, and notification is described. In an embodiment, a messaging application facilitates communication via a messaging user interface, and receives a communication, such as an email message, from a domain. A phishing detection module detects a phishing attack in the communication by determining that the domain is similar to a known phishing domain, or by detecting suspicious network properties of the domain. In another embodiment, a Web browsing application receives content, such as data for a Web page, from a network-based resource, such as a Web site or domain. The Web browsing application initiates a display of the content, and a phishing detection module detects a phishing attack in the content by determining that a domain of the network-based resource is similar to a known phishing domain, or that an address of the network-based resource from which the content is received has suspicious network properties.
136 Citations
10 Claims
-
1. One or more computer-readable storage media embodying computer readable instructions which, when executed, implement a method comprising:
-
rendering a messaging user interface to facilitate communication via a messaging application; receiving a communication from a domain that is located in a country; and detecting a phishing attack in the communication by at least one of determining that the domain from which the communication is received is similar to a known phishing domain and detecting suspicious network properties of the domain from which the communication is received;
wherein detecting suspicious network properties includes the following;detecting that the communication is received from the domain which is a newly established domain on the internet; detecting that the communication is received from the domain which has a low static rank; detecting that the content of the domain which includes multiple user-selectable links to a first network-based resource and the first network-based resource is configured to submit form data to a second network-based resource; detecting that an IP (Internet protocol) address corresponding to the domain does not correlate with the country where the domain is located; and detecting a phishing attack in the communication at least in part by examining a user-selectable link within the communication, wherein the communication contains a user-selectable link to a web site with a minimal amount of content or a user-selectable link to a little-trafficked site. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. One or more computer-readable storage media embodying computer readable instructions which, when executed, implement a method comprising:
-
rendering a messaging user interface to facilitate communication via a messaging application; receiving a communication from a domain that is located in a country; detecting a phishing attack in the communication by detecting suspicious network properties of the domain from which the communication is received;
wherein detecting suspicious network properties includes the following;detecting that the communication is received from the domain which is a newly established domain on the internet; detecting that the communication is received from the domain which has a low static rank; detecting that the content of the domain which includes multiple user-selectable links to a first network-based resource and the first network-based resource is configured to submit form data to a second network-based resource; detecting that an IP (Internet protocol) address corresponding to the domain does not correlate with the country where the domain is located; and detecting a phishing attack in the communication at least in part by examining a user-selectable link within the communication, wherein the communication contains at least one of; a user-selectable link to a web site with a minimal amount of content;
ora user-selectable link to a little-trafficked site. - View Dependent Claims (9, 10)
-
Specification