Phishing detection, prevention, and notification
First Claim
1. One or more computer-readable storage media embodying computer readable instructions which, when executed, implement a method, comprising:
- receiving content from a network-based resource, the content including multiple selectable links;
rendering a user interface of a Web browsing application to display the content received from the network-based resource;
determining that the content received from the network-based resource contains a phishing attack, including;
associating a plurality of the multiple selectable links with a first Web site,associating another link of the multiple selectable links with an input form hosted at a second Web site, the first Web site being a legitimate Web site and being different from the second Web site, anddetermining, based on the plurality of the multiple selectable links associated with the first Web site and the other link associated with the second Web site, that the content contains the phishing attack; and
warning a user that the content contains the phishing attack.
2 Assignments
0 Petitions
Accused Products
Abstract
Phishing detection, prevention, and notification is described. In an embodiment, a messaging application facilitates communication via a messaging user interface, and receives a communication, such as an email message, from a domain. A phishing detection module detects a phishing attack in the communication by determining that the domain is similar to a known phishing domain, or by detecting suspicious network properties of the domain. In another embodiment, a Web browsing application receives content, such as data for a Web page, from a network-based resource, such as a Web site or domain. The Web browsing application initiates a display of the content, and a phishing detection module detects a phishing attack in the content by determining that a domain of the network-based resource is similar to a known phishing domain, or that an address of the network-based resource from which the content is received has suspicious network properties.
101 Citations
19 Claims
-
1. One or more computer-readable storage media embodying computer readable instructions which, when executed, implement a method, comprising:
-
receiving content from a network-based resource, the content including multiple selectable links; rendering a user interface of a Web browsing application to display the content received from the network-based resource; determining that the content received from the network-based resource contains a phishing attack, including; associating a plurality of the multiple selectable links with a first Web site, associating another link of the multiple selectable links with an input form hosted at a second Web site, the first Web site being a legitimate Web site and being different from the second Web site, and determining, based on the plurality of the multiple selectable links associated with the first Web site and the other link associated with the second Web site, that the content contains the phishing attack; and warning a user that the content contains the phishing attack. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. One or more computer-readable storage media embodying computer readable instructions which, when executed, implement a system, comprising:
-
an email or chat-based application to; receive an electronic mail (email) communication containing a Web based content, the content including multiple selectable links, associated with a phishing attack from a network based resource, determine that the Web based content is associated with the phishing attack, including; associating a plurality of the multiple selectable links with a first Web site, associating another link of the multiple selectable links with an input form hosted at a second Web site, the first Web site being a legitimate Web site and being different from the second Web site, and determining, based on the plurality of the multiple selectable links associated with the first Web site and the other link associated with the second Web site, that the content contains the phishing attack and communicate, upon the receiving the email communication, a notification to the Web browsing application that the Web based content is associated with the phishing attack, wherein the notification is communicated to the Web browsing application automatically in response to the receiving the email communication; and a Web browsing application to render the Web based content, and transmit a message that the Web based content is associated with the phishing attack. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. One or more computer-readable storage media embodying computer readable instructions which, when executed, implement a system, comprising:
-
a Web browsing application to; receive content from a network based resource, the content including multiple selectable links; render a user interface to display the content, and receive sensitive data via the user interface; and a phishing detection module to; detect a phishing attack in the content, including associating a plurality of the multiple selectable links with a first Web site, associating another link of the multiple selectable links with an input form hosted at a second Web site, the first Web site being a legitimate Web site and being different from the second Web site, and determining, based on the plurality of the multiple selectable links associated with the first Web site and the other link associated with the second Web site, that the content contains the phishing attack; and communicate a warning, after the receiving the sensitive data, that the sensitive data was previously submitted via the user interface. - View Dependent Claims (16, 17, 18, 19)
-
Specification