Detecting fraudulent activity by analysis of information requests
Abstract
Techniques are described for use in inhibiting attempts to fraudulently obtain access to confidential information about users. In some situations, the techniques involve automatically analyzing at least some requests for information that are received by a Web site or other electronic information service, such as to determine whether they likely reflect fraudulent activities by the request senders or other parties that initiate the requests. For example, if a request is being made to a Web site based on a user's interaction with a third-party information source (e.g., another unaffiliated Web site) that is not authorized to initiate the request, the third-party information source may be a fraudulent phishing site or engaging in other types of fraudulent activity. If fraudulent activity is suspected based on analysis of one or more information requests, one or more actions may be taken to inhibit the fraudulent activity.
42 Claims
1. A method for a computing system of an online merchant to automatically inhibit attempts by phishers to fraudulently obtain access to information about customers of the online merchant, the method comprising:
- receiving a request from a Web browser of a customer of the online merchant for information that is available from a Web site of the online merchant, the request being initiated based on selection by the customer of a link on a Web page that is provided by a third-party entity unaffiliated with the online merchant, the received request including information about the Web page provided by the third-party entity, the third-party entity being a phisher providing a fraudulent Web site with one or more Web pages intended to replicate portions of the Web site of the online merchant, and wherein the phisher directs customers of the online merchant to the fraudulent Web site via electronic communications sent to the customers, wherein the Web page with the link selected by the customer is one of the one or more Web pages of the fraudulent Web site, wherein the fraudulent Web site does not replicate all of the Web site of the online merchant, and wherein the selected link indicates a Web page from the Web site of the online merchant that is not replicated on the fraudulent Web site, so that customers interacting with the fraudulent Web site may use the link to switch to interacting with the Web site of the online merchant without realizing that the fraudulent Web site is not part of the Web site of the online merchant;
- automatically analyzing the information about the Web page provided by the third-party entity that is included in the request in order to determine whether inclusion of the link on that Web page is likely to reflect fraudulent activities by the third-party entity that include phishing for information about the customers of the online merchant, the analyzing including applying multiple fraud assessment tests to the included information about the Web page and computing a fraud assessment score for the Web page based on the applied fraud assessment tests;
- automatically determining that the third-party entity is likely to be a phisher engaged in fraudulent activities based at least in part on the computed fraud assessment score exceeding a predetermined fraudulence threshold; and
- in response to the determination that the third-party entity is likely to be a phisher, automatically taking one or more actions to inhibit additional fraudulent activities by the third-party entity.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. A computer-implemented method for a Web site to automatically inhibit attempts to fraudulently obtain access to information about users of the Web site, the method comprising:
- receiving one or more first requests from a party that is unrelated to a provider of the Web site and that is gathering information from the Web site for use in creating an unauthorized information source that replicates at least portions of the Web site;
- automatically assessing the received one or more first requests to determine whether the party making the one or more other requests is suspect;
- after the receiving of the one or more first requests, receiving multiple requests from multiple users for information available from the Web site, at least some of the requests being from users that have accounts with the Web site, and each of the at least some requests including an indication of a third-party information source with which the user was interacting to initiate the request, and wherein the created unauthorized information source is the third-party information source for at least some of the received multiple requests; and
- for each of one or more of the at least some requests, assessing the request by,
  - automatically assessing the third-party information source indicated in the request by applying multiple fraud assessment tests and by computing a fraud assessment score for the third-party information source based on the applied fraud assessment tests;
  - automatically determining whether the third-party information source indicated in the request is suspect based at least in part on whether the computed fraud assessment score for the third-party information source exceeds a fraudulence threshold selected for the request and based in part on the automatic assessing of the received one or more first requests; and
  - if it is determined that the third-party information source indicated in the request is suspect, taking one or more actions to inhibit fraudulent activities by the third-party information source.
Dependent claims: 9 to 34.

35. A computer-readable storage medium whose contents include instructions that when executed configure a computing device to automatically inhibit attempts to obtain unauthorized access to information about users, by performing a method comprising:
- receiving a request from a user for information available from an electronic information service, the user having stored confidential information that is available from the electronic information service, the request including an indication of a third-party information source that facilitated the request;
- automatically assessing the received request based at least in part on the indication of the third-party information source, the assessing including generating an assessment of whether the received request reflects activities of a party other than the user to obtain unauthorized access to information about users of the electronic information service, and wherein the other party provides the third-party information source and is performing fraudulent activities to acquire information about the user so that the acquired information will allow the other party to obtain the unauthorized access to the stored confidential information available from the electronic information service; and
- if the assessment of the received request is that the request reflects activities of the other party to obtain unauthorized access to information about users of the electronic information service, providing information about the other party and/or the third-party information source for use in one or more activities to inhibit the other party from obtaining the unauthorized access to the information about the users of the electronic information service.
Dependent claims: 36, 37, 38, 39.

40. A computing device configured to automatically inhibit attempts to obtain unauthorized access to information about users, comprising:
- a memory; and
- a fraudulent activity detector system configured to analyze multiple requests that each are for available information from an information service on behalf of a user and that each indicate a third-party information source that facilitated the request by,
  - for each of the multiple requests, automatically assessing the third-party information source indicated in the received request so as to determine whether the third-party information source is engaged in fraudulent activities to obtain unauthorized access to information about the user on whose behalf the request is made, the assessing including applying at least one fraud assessment test; and
  - if the assessment of the third-party information source indicates that the third-party information source is sufficiently likely to be engaged in the fraudulent activities, initiating one or more actions to inhibit the fraudulent activities by the third-party information source,
  and wherein, for at least some of the multiple requests, the user on whose behalf the request is made is one of multiple users that have stored confidential information available from the information service, the third-party information source indicated in the request is engaged in phishing to fraudulently acquire information about the user, and the indication of the third-party information source in the request includes an electronic address associated with the third-party information source.
Dependent claims: 41, 42.