Systems and methods for electronic fraud prevention
First Claim
1. A computer-implemented method comprising employing at least one computer processor to perform the steps of:
- generating a target sequence of target word indexes for a set of visible words of a target webpage, wherein the target word indexes are ordered in the target sequence according to a display order of visible words in the target webpage;
computing a word content phishing indicator for the target webpage by determining a relationship between an index of a word within the target sequence of target word indexes and an index of the word within a reference sequence of reference word indexes, wherein the reference word indexes are ordered in the reference sequence according to a display order of visible words in a reference webpage, wherein the word content phishing indicator for the target webpage is computed according to a quantity selected from a group consisting of a first inter-page word distance and a second inter-page word distance, wherein the first inter-page distance is computed as a function of
2 Assignments
0 Petitions
Accused Products
Abstract
In some embodiments, a phishing detection method includes computing a first phishing indicator of a target webpage; when the target webpage is considered suspicious of phishing according to the first phishing indicator, computing a second phishing indicator of the target webpage, and deciding whether the webpage is a phishing site according to the first and second phishing indicators. Computing the second phishing indicator comprises comparing a word content (semantic content) of the target webpage to a word content of each of a plurality of reference webpages. Comparing the word contents may include counting the number of visible words which are common to the target and reference webpages, and/or computing a ratio of a number of words which are common to the target and reference webpages to the total number of words in both the target and reference webpages.
-
Citations
16 Claims
-
1. A computer-implemented method comprising employing at least one computer processor to perform the steps of:
-
generating a target sequence of target word indexes for a set of visible words of a target webpage, wherein the target word indexes are ordered in the target sequence according to a display order of visible words in the target webpage; computing a word content phishing indicator for the target webpage by determining a relationship between an index of a word within the target sequence of target word indexes and an index of the word within a reference sequence of reference word indexes, wherein the reference word indexes are ordered in the reference sequence according to a display order of visible words in a reference webpage, wherein the word content phishing indicator for the target webpage is computed according to a quantity selected from a group consisting of a first inter-page word distance and a second inter-page word distance, wherein the first inter-page distance is computed as a function of - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system comprising a hardware computer processor configured to execute a set of instructions to form:
-
a word content phishing filter configured to compute a word content phishing indicator for a target webpage, wherein computing the word content phishing indicator for the target webpage comprises determining a relationship between an index of a word within a target sequence of target word indexes and an index of the word within a reference sequence of reference word indexes, wherein the target word indexes are ordered in the target sequence according to a display order of visible words in the target webpage, and wherein the reference word indexes are ordered in the reference sequence according to a display order of visible words in a reference webpage, wherein the word content fishing indicator for the target webpage is computed according to a quantity selected from a group consisting of a first inter-page word distance and a second inter-page word distance, wherein the first inter-page distance is computed as a function of |Δ
1|/|A∪
B|, wherein the second inter-page word distance is computed as a function of |Δ
2|/|A∪
B|, wherein Δ
1={w∈
A∩
B, so that α
−
ε
≦
xw/yw≦
α
+ε
}, wherein Δ
2={w∈
A∩
B, so that α
−
ε
≦
xw−
yw≦
α
+ε
}, wherein w represents a word w, A represents a target wordset of the target webpage, B represents a reference wordset of the reference webpage, ∩ and
∪
represent set intersection and union, respectively, |.| denotes number of elements, xw represents an index of the word w within the target wordset, yw represents an index of the word w within the reference wordset, and wherein α and
ε
are non-zero parameters; anda phishing risk manager configured to determine whether the target webpage is a phishing page according to the word content phishing indicator. - View Dependent Claims (10, 11, 12)
-
-
13. A computer-implemented method comprising employing at least one computer processor to perform the steps of:
-
generating a target sequence of target word indexes for a set of visible words of the target document, wherein the target word indexes are ordered in the target sequence according to a display order of visible words in the target document; computing a word content fraud indicator for the target document by determining a relationship between an index of a word within the target sequence of target word indexes and an index of the word within a reference sequence of reference word indexes, wherein the reference word indexes are ordered in the reference sequence according to a display order of visible words in a reference document, wherein the word content fraud indicator for the target webpage is computed according to a quantity selected from a group consisting of a first inter-page word distance and a second inter-page word distance, wherein the first inter-page distance is computed as a function of - View Dependent Claims (14, 15, 16)
-
Specification