Using mock tokens to protect against malicious activity
First Claim
1. A method of fraud protection, the method comprising:
providing a first mock token to first suspected fraudster equipment in response to a first phishing attempt, the mock token appearing to be a legitimate user token that identifies a legitimate user, wherein no legitimate token is provided to the first suspected fraudster equipment in response to the first phishing attempt, and storing the first mock token in a first database entry associated with the legitimate user and the first suspected fraudster;
providing a second mock token to a second suspected fraudster equipment in response to a second phishing attempt, the mock token appearing to be a legitimate user token that identifies a legitimate user, wherein no legitimate token is provided to the second suspected fraudster equipment in response to the second phishing attempt, and storing the second mock token in a second database entry associated with the legitimate user and the second suspected fraudster;
subsequent to providing the first and second mock tokens, receiving, from suspected fraudster equipment, an authentication request which includes one of the first and second mock tokens stored in the database, thereby identifying the suspected fraudster equipment as a true fraudster; and
in response to receiving the authentication request which uses the mock token from the true fraudster, performing a set of authentication server operations to protect against future activity by the true fraudster;
wherein each legitimate token is derived from a secret seed uniquely associated with a corresponding legitimate user account;
wherein providing the first mock token to the first suspected fraudster equipment in response to the first phishing attempt includes providing log-in information falsely appearing to allow access to a legitimate user account; and
wherein the method further includes performing an authentication operation which detects an attempt to use of one of the first and second mock tokens to prove authorization to access the legitimate user account; and
wherein performing the set of authentication server operations further includes performing a remedial operation in response to detected use of the mock token, wherein performing the remedial operation in response to detected use of one of the first and second mock tokens includes;
outputting a message to a set of authentication servers, the message identifying the fraudster equipment as a source of malicious activity, wherein the set of authentication servers includes a plurality of authentication servers which each control access to protected resources.
Abstract
A technique provides protection against malicious activity. The technique involves providing a mock token to fraudster equipment. The mock token appears to be a legitimate user token that identifies a legitimate user (e.g., an actual user token, a token seed, etc.). The technique further involves receiving, from the fraudster equipment, an authentication request which uses the mock token and, in response to receiving the authentication request which uses the mock token from the fraudster equipment, performing a set of authentication server operations to protect against future activity by the fraudster equipment (e.g., deny access to the fraudster equipment, acquire specific information about the fraudster equipment, output a message to subscribers of an eFraud network, and so on).
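The flow described in the abstract, as an added sketch that is not code from the patent: mock codes are stored per user and suspected fraudster, any later login that presents one is denied, and the source is reported to every authentication server. The HMAC-based code derivation, the class and method names, and the equipment identifiers are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def legit_code(seed: bytes, step: int) -> str:
    """Assumed stand-in for a seed-derived token: 6 digits of HMAC-SHA256(seed, step)."""
    mac = hmac.new(seed, step.to_bytes(8, "big"), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


@dataclass
class AuthServer:
    seeds: dict                                   # user -> secret seed
    peers: list = field(default_factory=list)     # other authentication servers
    mock_db: dict = field(default_factory=dict)   # (user, mock code) -> suspect
    blocked: set = field(default_factory=set)     # equipment flagged as malicious

    def issue_mock(self, user: str, suspect: str) -> str:
        """Answer a phishing attempt with a look-alike code not derived from the seed."""
        code = f"{secrets.randbelow(1_000_000):06d}"
        while (user, code) in self.mock_db:       # one database entry per issued code
            code = f"{secrets.randbelow(1_000_000):06d}"
        self.mock_db[(user, code)] = suspect
        return code

    def notify(self, equipment: str) -> None:
        """Receive a message naming equipment as a source of malicious activity."""
        self.blocked.add(equipment)

    def authenticate(self, user: str, code: str, step: int, equipment: str) -> str:
        if equipment in self.blocked:
            return "denied:blocked"
        suspect = self.mock_db.get((user, code))
        if suspect is not None:
            # Mock token presented: deny, then tell this server and every peer.
            # A random mock can collide with a live code; a real system must handle that.
            for server in [self, *self.peers]:
                server.notify(equipment)
            return f"denied:mock-token-from-{suspect}"
        seed = self.seeds.get(user)
        ok = seed is not None and hmac.compare_digest(code, legit_code(seed, step))
        return "granted" if ok else "denied:bad-code"
```

Because each mock is stored with the suspect it was handed to, the denial result also identifies which phishing attempt the presented code came from.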
37 Citations
15 Claims
12. A computer program product having a non-transitory computer readable medium which stores a set of instructions that, when performed by a computerized device, cause the computerized device to:
provide a first mock token to a first suspected fraudster equipment in response to a first phishing attempt, the first mock token appearing to be a legitimate user token that identifies a legitimate user, wherein no legitimate user token is provided to the first suspected fraudster equipment in response to a first phishing attempt, and storing the first mock token in a first database entry associated with the legitimate user and the first suspected fraudster;
provide a second mock token to a second suspected fraudster equipment in response to a second phishing attempt, the mock token appearing to be a legitimate user token that identifies a legitimate user, wherein no legitimate token is provided to the second suspected fraudster equipment in response to a second phishing attempt, and store the second mock token in a second database entry associated with the legitimate user and the second suspected fraudster;
subsequent to providing the first and second mock tokens, receive, from suspected fraudster equipment, an authentication request which includes the first mock token stored in the database, thereby identifying the suspected fraudster equipment as a true fraudster; and
in response to receiving the authentication request which uses the mock token from the true fraudster, perform a set of authentication server operations to protect against future activity by the true fraudster;
wherein each legitimate token is derived from a secret seed uniquely associated with a corresponding legitimate user account;
wherein the first mock token includes log-in information falsely appearing to provide access to a legitimate user account;
wherein performing the set of authentication server operations includes;
performing an authentication operation which detects an attempt to use of one of the first and second mock tokens to prove authorization to access the legitimate user account; and
performing a remedial operation in response to detected use of the mock token, wherein performing the remedial operation in response to detected use of one of the first and second mock tokens includes outputting a message to a set of authentication servers, the message identifying the fraudster equipment as a source of malicious activity, wherein the set of authentication servers includes a plurality of authentication servers which each control access to protected resources.
Specification