Enhanced responses to online fraud

US 7,992,204 B2
Filed: 11/23/2004
Issued: 08/02/2011
Est. Priority Date: 05/02/2004
Status: Active Grant

First Claim

Patent Images

1. A method of combating online fraud, the method comprising:

determining that a web server is engaged in a fraudulent activity to deceive a consumer, the determining comprising parsing a web page hosted by the web server to identify an online form comprising at least one field, the at least one field comprising a request for personal information from the web server;

analyzing the at least one field;

generating a plurality of hypertext transfer protocol (“

HTTP”

) requests, each HTTP request comprising a set of data, the set of data comprising at least one data element corresponding to the at least one field, wherein the at least one data element corresponding to the at least one field in each HTTP request comprises a set of safe data associated with one or more fictitious identities and appearing to comprise a valid response to the at least one field; and

transmitting each of the plurality of HTTP requests for reception by the web server, wherein each of the plurality of HTTP requests appears to originate from a one of a plurality of Internet Protocol (“

IP”

) blocks, and wherein the plurality of HTTP requests are not sufficient to impair any functions of the web server other than the web server'"'"'s ability to respond to HTTP requests.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Solutions (including inter alia, systems, methods and software) for dealing with online fraud. Certain of these solutions provide enhanced responses to an identified instance of online fraud. Such enhanced responses can incorporate one or more of a variety of strategies for defeating an attempt by a server to filter and/or otherwise avoid responses to its fraudulent activity. Merely by way of example, responses may be disguised (e.g., by transmitting the responses from a variety of computers, by transmitting responses that appear to originate from a computer different than the actual source of the responses, etc.). In some cases, a response strategy may be implemented that forces the server (and/or an operator thereof) to choose between accepting the responses and blocking potential responses from the targets of the fraudulent scheme.

153 Citations

43 Claims

1. A method of combating online fraud, the method comprising:
- determining that a web server is engaged in a fraudulent activity to deceive a consumer, the determining comprising parsing a web page hosted by the web server to identify an online form comprising at least one field, the at least one field comprising a request for personal information from the web server;
  
  analyzing the at least one field;
  
  generating a plurality of hypertext transfer protocol (“
  
  HTTP”
  
  ) requests, each HTTP request comprising a set of data, the set of data comprising at least one data element corresponding to the at least one field, wherein the at least one data element corresponding to the at least one field in each HTTP request comprises a set of safe data associated with one or more fictitious identities and appearing to comprise a valid response to the at least one field; and
  
  transmitting each of the plurality of HTTP requests for reception by the web server, wherein each of the plurality of HTTP requests appears to originate from a one of a plurality of Internet Protocol (“
  
  IP”
  
  ) blocks, and wherein the plurality of HTTP requests are not sufficient to impair any functions of the web server other than the web server'"'"'s ability to respond to HTTP requests.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A method of combating online fraud as recited in claim 1, wherein determining that the web server is engaged in the fraudulent activity comprises interrogating the web server to determine whether the server is engaged in the fraudulent activity.
  - 3. A method of combating online fraud as recited in claim 1, wherein each of the plurality of HTTP requests comprises a response to a request from the web server for personal information.
  - 4. A method of combating online fraud as recited in claim 3, wherein each set of data comprises a set of safe data associated with a fictitious identity.
  - 5. A method of combating online fraud as recited in claim 1, wherein at least one of the set of data is associated with an account at a financial institution.
  - 6. A method of combating online fraud as recited in claim 1, wherein the plurality of HTTP requests are sufficient to substantially prevent the web server from responding to an HTTP request submitted by a third party.
  - 7. A method of combating online fraud as recited in claim 1, the plurality of HTTP requests are not sufficient to impair a network infrastructure providing communication with the web server.
  - 8. A method of combating online fraud as recited in claim 1, further comprising:
    - implementing at least one countermeasure to defeat an attempt to filter the plurality of HTTP requests.
  - 9. A method of combating online fraud as recited in claim 1, wherein at least one of the plurality of IP blocks is owned by a retail Internet service provider.
  - 10. A method of combating online fraud as recited in claim 1, wherein the plurality of HTTP requests are sufficient to impede an attempt by the web server to block the plurality of HTTP requests.
  - 11. A method of combating online fraud as recited in claim 1, wherein the plurality of IP blocks are sufficiently diverse to impede an attempt by the web server to block the plurality of HTTP requests.
  - 12. A method of combating online fraud as recited in claim 1, wherein the plurality of IP blocks are selected so that an attempt by the web server to block the plurality of HTTP requests results in blocking a significant number of consumers from submitting HTTP requests to the web server.
  - 13. A method of combating online fraud as recited in claim 1, wherein the each of the plurality of HTTP requests is transmitted via a megaproxy, and wherein the megaproxy is configured to transmit the plurality of HTTP requests in such a way as to make the each of plurality of HTTP requests appear to originate from a one of a plurality of IP blocks.
  - 14. A method of combating online fraud as recited in claim 1, wherein the each of the plurality of HTTP requests are transmitted via a proxy chain, and wherein the proxy chain is configured to transmit the plurality of HTTP requests in such a way as to obscure a source of the plurality of HTTP requests.

15. A computer system for combating online fraud, the system comprising a processor and a computer readable medium having instructions executable by the processor to:
- determine that a web server is engaged in a fraudulent activity to deceive a consumer;
  
  parse a web page hosted by the server to identify an online form comprising at least one field, the at least one field comprising a request for personal information from the web server;
  
  analyze the at least one field;
  
  generate a plurality of hypertext transfer protocol (“
  
  HTTP”
  
  ) requests, each request comprising a set of data, the set of data comprising at least one data element corresponding to the at least one field, wherein the at least one data element corresponding to the at least one field in each HTTP request comprises a set of safe data associated with one or more fictitious identities and appearing to comprise a valid response to the at least one field; and
  
  transmit each of the plurality of HTTP requests for reception by the web server, wherein each of the plurality of HTTP requests appears to originate from a one of a plurality of Internet Protocol (“
  
  IP”
  
  ) blocks, and wherein the plurality of HTTP requests are not sufficient to impair any functions of the web server other than the web server'"'"'s ability to respond to HTTP requests.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 16. The computer system of claim 15, wherein determining that the web server is engaged in the fraudulent activity comprises interrogating the web server to determine whether the server is engaged in the fraudulent activity.
  - 17. The computer system of claim 15, wherein each of the plurality of HTTP requests comprises a response to a request from the web server for personal information.
  - 18. The computer system of claim 17, wherein each set of data comprises a set of safe data associated with a fictitious identity.
  - 19. The computer system of claim 15, wherein at least one of the set of data is associated with an account at a financial institution.
  - 20. The computer system of claim 15, wherein the plurality of HTTP requests are sufficient to substantially prevent the web server from responding to an HTTP request submitted by a third party.
  - 21. The computer system of claim 15, wherein the plurality of HTTP requests are not sufficient to impair a network infrastructure providing communication with the web server.
  - 22. The computer system of claim 15, wherein the instructions are further executable by the processor to:
    - implement at least one countermeasure to defeat an attempt to filter the plurality of HTTP requests.
  - 23. The computer system of claim 15, wherein at least one of the plurality of IP blocks is owned by a retail Internet service provider.
  - 24. The computer system of claim 15, wherein the plurality of HTTP requests are sufficient to impede an attempt by the web server to block the plurality of HTTP requests.
  - 25. The computer system of claim 15, wherein the plurality of IP blocks are sufficiently diverse to impede an attempt by the web server to block the plurality of HTTP requests.
  - 26. The computer system of claim 15, wherein the plurality of IP blocks are selected so that an attempt by the web server to block the plurality of HTTP requests results in blocking a significant number of consumers from submitting HTTP requests to the web server.
  - 27. The computer system of claim 15 wherein the each of the plurality of HTTP requests is transmitted via a megaproxy, and wherein the megaproxy is configured to transmit the plurality of HTTP requests in such a way as to make the each of plurality of HTTP requests appear to originate from a one of a plurality of IP blocks.
  - 28. The computer system of claim 15, wherein the each of the plurality of HTTP requests are transmitted via a proxy chain, and wherein the proxy chain is configured to transmit the plurality of HTTP requests in such a way as to obscure a source of the plurality of HTTP requests.

29. A computer program embodied on a non-transitory computer readable medium, the computer program comprising instructions executable by a computer to:
- parse a web page to identify an online form comprising at least one field, the at least one field comprising a request for personal information from the web server;
  
  analyze the at least one field;
  
  generate using an algorithm, a plurality of hypertext transfer protocol (“
  
  HTTP”
  
  ) requests, each request comprising a set of data, the set of data comprising at least one data element corresponding to the at least one field, wherein the at least one data element corresponding to the at least one field in each HTTP request comprises a set of safe data associated with one or more fictitious identities and appearing to comprise a valid response to the at least one field; and
  
  transmit each of the plurality of HTTP requests to a web server, wherein each of the plurality of HTTP requests appears to originate from a one of a plurality of Internet Protocol (“
  
  IP”
  
  ) blocks, and wherein the plurality of HTTP requests are not sufficient to impair any Junctions of the web server other than the web server'"'"'s ability to respond to HTTP requests.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 30. A computer program as recited in claim 29, the computer program comprising further instructions executable by a computer to:
    - determine that the web server is engaged in a fraudulent activity.
  - 31. The computer program of claim 30, wherein determining that the web server is engaged in the fraudulent activity comprises interrogating the web server to determine whether the server is engaged in the fraudulent activity.
  - 32. The computer program of claim 29, wherein each of the plurality of HTTP requests comprises a response to a request from the web server for personal information.
  - 33. The computer program of claim 29, wherein each set of data comprises a set of safe data associated with a fictitious identity.
  - 34. The computer program of claim 29, wherein at least one of the set of data is associated with an account at a financial institution.
  - 35. The computer program of claim 29, wherein the plurality of HTTP requests are sufficient to substantially prevent the web server from responding to an HTTP request submitted by a third party.
  - 36. The computer program of claim 29, wherein the plurality of HTTP requests are not sufficient to impair a network infrastructure providing communication with the web server.
  - 37. The computer program of claim 29, wherein the instructions are further executable by a computer to:
    - implement at least one countermeasure to defeat an attempt to filter the plurality of HTTP requests.
  - 38. The computer program of claim 29, wherein at least one of the plurality of IP blocks is owned by a retail Internet service provider.
  - 39. The computer program of claim 29, wherein the plurality of HTTP requests are sufficient to impede an attempt by the web server to block the plurality of HTTP requests.
  - 40. The computer program of claim 29, wherein the plurality of IP blocks are sufficiently diverse to impede an attempt by the web server to block the plurality of HTTP requests.
  - 41. The computer program of claim 29, wherein the plurality of IP blocks are selected so that an attempt by the web server to block the plurality of HTTP requests results in blocking a significant number of consumers from submitting HTTP requests to the web server.
  - 42. The computer program of claim 29, wherein the each of the plurality of HTTP requests is transmitted via a megaproxy, and wherein the megaproxy is configured to transmit the plurality of HTTP requests in such a way as to make the each of plurality of HTTP requests appear to originate from a one of a plurality of IP blocks.
  - 43. The computer program of claim 29, wherein the each of the plurality of HTTP requests are transmitted via a proxy chain, and wherein the proxy chain is configured to transmit the plurality of HTTP requests in such a way as to obscure a source of the plurality of HTTP requests.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Opsec Online Limited
Original Assignee
MarkMonitor Inc.
Inventors
Shull, Mark, Shraim, Ihab
Primary Examiner(s)
Patel; Nirav B
Assistant Examiner(s)
Paliwal; Yogesh

Application Number

US10/996,567
Publication Number

US 20070294762A1
Time in Patent Office

2,443 Days
Field of Search

726/22
US Class Current

726/22
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 63/1441   Countermeasures against mal...

H04L 63/1483   service impersonation, e.g....

H04L 63/1491   using deception as counterm...

Enhanced responses to online fraud

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

153 Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

Enhanced responses to online fraud

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

153 Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links