Anti-phishing methods based on an aggregate characteristic of computer system logins

US 8,601,574 B2
Filed: 03/29/2005
Issued: 12/03/2013
Est. Priority Date: 03/29/2005
Status: Active Grant

First Claim

Patent Images

1. An anti-phishing method comprising:

monitoring, via a processor, actions of a plurality of different users over a period of time; and

generating a single phishing alert signal in response to determining that multiple users of the plurality of different users have performed a first user action during the period of time,wherein the first user action is indicated when a user logs in and immediately thereafter navigates directly to a first particular web page,wherein the first user action is not indicated when the user logs in and immediately thereafter navigates directly to a second particular web page that is different than the first particular web page,wherein the single phishing alert signal is generated only when more than one user of the plurality of different users has performed the first user action during the period of time, andwherein the single phishing alert signal is not generated when only a single user of the plurality of different users has performed the first user action during the period of time.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An anti-phishing method comprises monitoring a plurality of logins into a computer system over a period of time, and generating a phishing alert signal based on an aggregate characteristic of the plurality of logins.

14 Citations

18 Claims

1. An anti-phishing method comprising:
- monitoring, via a processor, actions of a plurality of different users over a period of time; and
  
  generating a single phishing alert signal in response to determining that multiple users of the plurality of different users have performed a first user action during the period of time,wherein the first user action is indicated when a user logs in and immediately thereafter navigates directly to a first particular web page,wherein the first user action is not indicated when the user logs in and immediately thereafter navigates directly to a second particular web page that is different than the first particular web page,wherein the single phishing alert signal is generated only when more than one user of the plurality of different users has performed the first user action during the period of time, andwherein the single phishing alert signal is not generated when only a single user of the plurality of different users has performed the first user action during the period of time.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The anti-phishing method of claim 1, wherein the first particular web page includes customer personal information.
  - 3. The anti-phishing method of claim 2, wherein the customer personal information comprises financial information.
  - 4. The anti-phishing method of claim 3, wherein the financial information comprises a customer bank account identifier.
  - 5. The anti-phishing method of claim 3, wherein the financial information comprises a credit card number.
  - 6. The anti-phishing method of claim 2, wherein the customer personal information comprises contact information.
  - 7. The anti-phishing method of claim 1, wherein the first particular web page enables the user to initiate a password change.
  - 8. The anti-phishing method of claim 1, wherein the actions are performed after logging in to a computer system that provides an electronic billing web site for a telecommunication provider.
  - 9. The anti-phishing method of claim 1, further comprising identifying a source of a suspected phishing attack in response to determining that the multiple users have performed the first user action during the period of time.
  - 10. The anti-phishing method of claim 1, further comprising initiating contact with a law enforcement authority in response to determining that the multiple users have performed the first user action during the period of time.

11. A computer-readable storage device comprising instructions that, when executed by a processor, cause the processor to perform operations comprising:
- monitoring actions of a plurality of different users over a period of time; and
  
  generating a single phishing alert signal in response to determining that multiple users of the plurality of different users have performed a first user action during the period of time,wherein the first user action is indicated when a user logs in and immediately thereafter navigates directly to a first particular web page,wherein the first user action is not indicated when the user logs in and immediately thereafter navigates directly to a second particular web page that is different than the first particular web page,wherein the single phishing alert signal is generated only when more than one user of the plurality of different users has performed the first user action during the period of time, andwherein the single phishing alert signal is not generated when only a single user of the plurality of different users has performed the first user action during the period of time.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The computer-readable storage device of claim 11, wherein the first particular web page includes customer personal information.
  - 13. The computer-readable storage device of claim 12, wherein the customer personal information comprises financial information.
  - 14. The computer-readable storage device of claim 13, wherein the financial information comprises a bank account identifier.
  - 15. The computer-readable storage device of claim 13, wherein the financial information comprises a credit card number.
  - 16. The computer-readable storage device of claim 12, wherein the customer personal information comprises contact information.
  - 17. The computer-readable storage device of claim 11, wherein the first particular web page enables the user to initiate a password change.
  - 18. The computer-readable storage device of claim 11, wherein the actions are performed after logging in to a computer system that provides an electronic billing web site for a telecommunication provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sbc Knowledge Ventures, L.P.
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Allemann, Andrew Whittier
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Pan, Joseph

Application Number

US11/093,181
Publication Number

US 20060224511A1
Time in Patent Office

3,171 Days
Field of Search

713/1, 713/2, 713/188, 713/194, 713/185, 380/200, 380/201, 380/255, 380/277, 726/2, 726 22- 25, 709/224, 709/229
US Class Current

726/22
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06Q 20/1085   involving automatic teller ...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/4014   Identity check for transact...

G07F 7/1008   Active credit-cards provide...

G07F 7/1083   Counting of PIN attempts

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1483   service impersonation, e.g....

Anti-phishing methods based on an aggregate characteristic of computer system logins

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Anti-phishing methods based on an aggregate characteristic of computer system logins

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others