Anti-phishing protection

US 9,774,624 B2
Filed: 06/09/2014
Issued: 09/26/2017
Est. Priority Date: 08/16/2005
Status: Active Grant

First Claim

Patent Images

1. A method executing on a computing device for protecting against phishing attacks, comprising:

receiving an unsolicited message including a link to an external source;

determining that the received message is likely a phishing message based at least in part on an analysis of a URL in the received message;

displaying a first warning indicating that the received message is the phishing message and that the link to the external source is disabled;

receiving a selection of the disabled link within the received message;

displaying a second warning indicating that the link is potentially unsafe;

receiving a dismissal of the second warning; and

activating the link; and

in response to activating the link, marking the message with a property, wherein the property indicates the link will be activated in future accesses of the received message.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Anti-Phishing protection assists in protecting against phishing attacks. Any links that are contained within a message that has been identified as a phishing message are disabled. A warning message is shown when the phishing message is accessed. The first time a disabled link within the phishing message is selected a dismissible dialog box is displayed containing information about how to enable links in the message. After the user dismisses the dialog, clicking on a disabled link causes the warning message to flash drawing the user'"'"'s attention to the potential severity of the problem. The links may be enabled by the user by selecting the warning message and choosing the appropriate option. Once the user enables the links, future displays of the message show the links as enabled.

Citations

18 Claims

1. A method executing on a computing device for protecting against phishing attacks, comprising:
- receiving an unsolicited message including a link to an external source;
  
  determining that the received message is likely a phishing message based at least in part on an analysis of a URL in the received message;
  
  displaying a first warning indicating that the received message is the phishing message and that the link to the external source is disabled;
  
  receiving a selection of the disabled link within the received message;
  
  displaying a second warning indicating that the link is potentially unsafe;
  
  receiving a dismissal of the second warning; and
  
  activating the link; and
  
  in response to activating the link, marking the message with a property, wherein the property indicates the link will be activated in future accesses of the received message.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the first warning is provided by a phishing filter interfacing with the computing device.
  - 3. The method of claim 2, wherein the phishing filter analyzes characteristics of the URLs contained within the received message to determine the probability that the received message is a phishing message.
  - 4. The method of claim 2, wherein the phishing filter provides at least one of a suspicious level and a neutral level.
  - 5. The method of claim 1, wherein the dismissal of the second warning maintains the link as selectable.
  - 6. The method of claim 1, wherein the first warning further comprises an indication that the received message further includes an image and wherein the link and the image are disabled independently.

7. A system for protecting against phishing attacks, comprising:
- a processing unit;
  
  a computer-readable storage device; and
  
  a filter component using the processing unit, the processing unit configured to;
  
  receive an unsolicited message including a link to an external source;
  
  determining that the received message is likely a phishing message based at least in part on an analysis of a URL in the received message;
  
  display a first warning indicating that the received message is the phishing message and that the link to the external source is disabled;
  
  receive a selection of the disabled link within the received message;
  
  display a second warning indicating that the link is potentially unsafe;
  
  receive a dismissal of the second warning; and
  
  activate the link; and
  
  in response to activating the link, marking the message with a property, wherein the property indicates the link will be activated in future accesses of the received message.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the first warning is provided by a phishing filter interfacing with the computing device.
  - 9. The method of claim 8, wherein the phishing filter analyzes characteristics of the URLs contained within the received message to determine the probability that the received message is a phishing message.
  - 10. The method of claim 8, wherein the phishing filter provides at least one of a suspicious level and a neutral level.
  - 11. The method of claim 7, wherein the dismissal of the second warning maintains the link as selectable.
  - 12. The method of claim 7, wherein the first warning further comprises an indication that the received message further includes an image and wherein the link and the image are disabled independently.

13. A computer-readable medium having computer-executable instructions that are executed on a computing device for protecting against phishing attacks, comprising:
- receiving an unsolicited message including a link to an external source;
  
  determining that the received message is likely a phishing message based at least in part on an analysis of a URL in the received message;
  
  displaying a first warning indicating that the received message is the phishing message and that the link to the external source is disabled;
  
  receiving a selection of the disabled link within the received message;
  
  displaying a second warning indicating that the link is potentially unsafe;
  
  receiving a dismissal of the second warning; and
  
  activating the link; and
  
  in response to activating the link, marking the message with a property, wherein the property indicates the link will be activated in future accesses of the received message.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, wherein the first warning is provided by a phishing filter interfacing with the computing device.
  - 15. The method of claim 14, wherein the phishing filter analyzes characteristics of the URLs contained within the received message to determine the probability that the received message is a phishing message.
  - 16. The method of claim 14, wherein the phishing filter provides at least one of a suspicious level and a neutral level.
  - 17. The method of claim 13, wherein the dismissal of the second warning maintains the link as selectable.
  - 18. The method of claim 13, wherein the first warning further comprises an indication that the received message further includes an image and wherein the link and the image are disabled independently.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Xavier, Joseph, Mitchell, Aime M., Tsang, Brian J., Herbert, George A., Savastano, Hernan I., Khandelwal, Lubdha, Pengelly, Robert C. J., Novitskey, Robert, Grant, III, Stanley
Primary Examiner(s)
Desrosiers, Evans

Application Number

US14/299,087
Publication Number

US 20140298464A1
Time in Patent Office

1,205 Days
Field of Search

726 22- 32
US Class Current
CPC Class Codes

G06F 21/562   Static detection

G06Q 10/107   Computer-aided management o...

H04L 63/1483   service impersonation, e.g....

Anti-phishing protection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Anti-phishing protection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links