Anti-phishing methods based on an aggregate characteristic of computer system logins
First Claim
Patent Images
1. An anti-phishing method comprising:
- monitoring, via a processor, actions of a plurality of different users over a period of time; and
generating a single phishing alert signal in response to determining that multiple users of the plurality of different users have performed a first user action during the period of time,wherein the first user action is indicated when a user logs in and immediately thereafter navigates directly to a first particular web page,wherein the first user action is not indicated when the user logs in and immediately thereafter navigates directly to a second particular web page that is different than the first particular web page,wherein the single phishing alert signal is generated only when more than one user of the plurality of different users has performed the first user action during the period of time, andwherein the single phishing alert signal is not generated when only a single user of the plurality of different users has performed the first user action during the period of time.
1 Assignment
0 Petitions
Accused Products
Abstract
An anti-phishing method comprises monitoring a plurality of logins into a computer system over a period of time, and generating a phishing alert signal based on an aggregate characteristic of the plurality of logins.
14 Citations
18 Claims
-
1. An anti-phishing method comprising:
-
monitoring, via a processor, actions of a plurality of different users over a period of time; and generating a single phishing alert signal in response to determining that multiple users of the plurality of different users have performed a first user action during the period of time, wherein the first user action is indicated when a user logs in and immediately thereafter navigates directly to a first particular web page, wherein the first user action is not indicated when the user logs in and immediately thereafter navigates directly to a second particular web page that is different than the first particular web page, wherein the single phishing alert signal is generated only when more than one user of the plurality of different users has performed the first user action during the period of time, and wherein the single phishing alert signal is not generated when only a single user of the plurality of different users has performed the first user action during the period of time. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A computer-readable storage device comprising instructions that, when executed by a processor, cause the processor to perform operations comprising:
-
monitoring actions of a plurality of different users over a period of time; and generating a single phishing alert signal in response to determining that multiple users of the plurality of different users have performed a first user action during the period of time, wherein the first user action is indicated when a user logs in and immediately thereafter navigates directly to a first particular web page, wherein the first user action is not indicated when the user logs in and immediately thereafter navigates directly to a second particular web page that is different than the first particular web page, wherein the single phishing alert signal is generated only when more than one user of the plurality of different users has performed the first user action during the period of time, and wherein the single phishing alert signal is not generated when only a single user of the plurality of different users has performed the first user action during the period of time. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
-
Specification