Method, device and system for detecting potential phishing websites

US 9,712,562 B2
Filed: 09/04/2015
Issued: 07/18/2017
Est. Priority Date: 07/05/2013
Status: Active Grant

First Claim

Patent Images

1. A method for detecting a potential phishing website, comprising:

obtaining by a computer device an address information of a website being displayed by a web browser running on the computer device;

communicating the address information to a remote security server device for conducting a preliminary security check of the address information based on a black and white list of website addresses maintained by the remote security server device; and

in response to determining by the remote security server device that the address information does not match any of the website addresses on the black and white list;

obtaining, by the web browser, input information to the website displayed by the web browser via a key stroke detector of the web browser and before the input information is transmitted outside the computer device;

determining, by the web browser, a match between at least one segment of the information input detected by the key stroke detector and a portion of a set of pre-stored private identification data;

upon determining the match, further evaluating a legitimacy of the website by determining whether the website is associated with a digital certificate; and

blocking the web browser from transmitting the input information outside the computer device unless the website is determined to be legitimate.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure discloses a method and device for detecting a potential phishing website. In the method, a computing device having at least a processor obtains information input to a website and determines whether the website is legitimate through a server when the input information entered by the user has some private information. The computing device continues to access the website if the website is legitimate and generates a warning if the website is determined not to be legitimate.

13 Citations

16 Claims

1. A method for detecting a potential phishing website, comprising:
- obtaining by a computer device an address information of a website being displayed by a web browser running on the computer device;
  
  communicating the address information to a remote security server device for conducting a preliminary security check of the address information based on a black and white list of website addresses maintained by the remote security server device; and
  
  in response to determining by the remote security server device that the address information does not match any of the website addresses on the black and white list;
  
  obtaining, by the web browser, input information to the website displayed by the web browser via a key stroke detector of the web browser and before the input information is transmitted outside the computer device;
  
  determining, by the web browser, a match between at least one segment of the information input detected by the key stroke detector and a portion of a set of pre-stored private identification data;
  
  upon determining the match, further evaluating a legitimacy of the website by determining whether the website is associated with a digital certificate; and
  
  blocking the web browser from transmitting the input information outside the computer device unless the website is determined to be legitimate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the black and white list of website addresses comprises a black list of potentially phishing web sites and a white list of trusted websites.
  - 3. The method of claim 2, further comprising communicating the address information of the website to the remote security server device for inclusion into the black list when it is determined that the website is not legitimate.
  - 4. The method of claim 2, further comprising communicating the address information of the website to the remote security server device for inclusion into the white list when it is determined that the website is legitimate.
  - 5. The method of claim 1, wherein the set of private identification data is pre-stored in a remote data server device.
  - 6. The method of claim 1, wherein the set of private identification data is pre-stored locally in the computer device.
  - 7. The method of claim 1, wherein the set of private identification data comprises one of a phone number, an email address, a credit card number, a password, a user account name, a user name, a social security number, and a security question and answer.
  - 8. The method of claim 1, wherein the set of private identification data is updateable via a user interface from the computer device.

9. A computer device, comprising:
- a memory storing instructions;
  
  at least one processor in communication with the memory, the at least one processor, when executing the instructions, is configured to cause the computer device to;
  
  obtain an address information of a website being displayed by a web browser running on the computer device;
  
  communicate the address information to a remote security server device for conducting a preliminary security check of the address information based on a black and white list of website addresses maintained by the remote security server device; and
  
  in response to determining by the remote security server device that the address information does not match any of the website addresses on the black and white list;
  
  obtain input information to the website displayed by the web browser via a key stroke detector of the web browser and before the input information is transmitted outside the computer device;
  
  determine a match between at least one segment of the information input detected by the key stroke detector and a portion of a set of pre-stored private identification data;
  
  upon determining the match, further evaluate a legitimacy of the website by determining whether the website is associated with a digital certificate; and
  
  block the web browser from transmitting the input information outside the computer device unless the website is determined to be legitimate.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer device of claim 9, wherein the black and white list of website addresses comprises a black list of potentially phishing websites and a white list of trusted websites.
  - 11. The computer device of claim 10, the at least one processor, when executing the instructions, is further configured to cause the computer device to communicate the address information of the website to the remote security server device for inclusion into the black list when it is determined that the website is not legitimate.
  - 12. The computer device of claim 10, the at least one processor, when executing the instructions, is further configured to cause the computer device to communicate the address information of the website to the remote security server device for inclusion into the white list when it is determined that the website is legitimate.
  - 13. The computer device of claim 9, wherein the set of private identification data is pre-stored in a remote data server device.
  - 14. The computer device of claim 9, wherein the set of private identification data is pre-stored locally in the computer device.
  - 15. The computer device of claim 9, wherein the set of private identification data comprises one of a phone number, an email address, a credit card number, a password, a user account name, a user name, a social security number, and a security question and answer.
  - 16. The computer device of claim 9, wherein the set of private identification data is updateable via a user interface from the computer device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tencent Technology Company Limited (Tencent Holdings Limited)
Original Assignee
Tencent Technology Company Limited (Tencent Holdings Limited)
Inventors
Wang, Jiabin, Shao, Fudong
Primary Examiner(s)
Mehedi, Morshed

Application Number

US14/845,863
Publication Number

US 20150381654A1
Time in Patent Office

683 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6245   Protecting personal data, e...

H04L 63/0236   Filtering by address, proto...

H04L 63/101   Access control lists [ACL]

H04L 63/1408   by monitoring network traff...

H04L 63/1483   service impersonation, e.g....

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

H04L 67/535   Tracking the activity of th...

Method, device and system for detecting potential phishing websites

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method, device and system for detecting potential phishing websites

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links