DYNAMIC PHISHING PROTECTION IN INSTANT MESSAGING
First Claim
1. A client device for detecting phishing over a network, comprising:
- a transceiver for receiving and sending information over the network;
a processor in communication with the display and the transceiver; and
a memory in communication with the processor and for use in storing data and machine instructions that causes the processor to perform a plurality of actions, including;
receiving weighted phishing data collected from a plurality of other client devices;
receiving a text message having a link to a webpage;
employing the weighted phishing data to determine whether the link is suspected or known as a phishing link;
if the link is determined to be a suspected phishing link, displaying a warning message to a user of the client device indicating that the link is suspect; and
if the link is determined to be a known phishing link, blocking access to the link by the user.
3 Assignments
0 Petitions
Accused Products
Abstract
Method, apparatus, and systems are directed to phishing detection and prevention in Instant Messaging (IM) environments. A variety of sources provide phishing data to a client phishing engine (CAE). The CAE may receive data from various applications local to the client device, from sources external to the client device, user input, and data from a plurality of other client devices. The CAE may employ the data to block access to a site and/or provide a warning message. At least some of the phishing data is provided to a centralized anti-phishing server (CAS) from a plurality of client devices. The CAS then attempts to use the received phishing data to search for the originator of the phishing site, and prevent future messages associated with the site. CAS will provide information about the detected phishing sites to a filtering application, such that the phishing site may be appropriately blocked.
68 Citations
20 Claims
-
1. A client device for detecting phishing over a network, comprising:
-
a transceiver for receiving and sending information over the network; a processor in communication with the display and the transceiver; and a memory in communication with the processor and for use in storing data and machine instructions that causes the processor to perform a plurality of actions, including; receiving weighted phishing data collected from a plurality of other client devices; receiving a text message having a link to a webpage; employing the weighted phishing data to determine whether the link is suspected or known as a phishing link; if the link is determined to be a suspected phishing link, displaying a warning message to a user of the client device indicating that the link is suspect; and if the link is determined to be a known phishing link, blocking access to the link by the user. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A processor readable storage medium having computer-executable instructions, wherein the execution of the computer-executable instructions provides for managing a phishing attack by enabling actions, including:
-
receiving from a plurality of client devices, phishing data associated with a possible phishing site; weighting the received phishing data based, in part, on a number of different client devices reporting the possible phishing site, wherein the weighting is arranged to classify the possible phishing site into one of a suspected phishing site or a known phishing site; and providing the weighting to at least one client device within the plurality of client devices, wherein the at least one client device is configured to perform actions, including employing the weighted phishing data to determine whether to display a warning message or block access to the phishing site identified by a link within a received text message. - View Dependent Claims (7, 8, 9, 10, 11)
-
-
12. A network device for detecting a phishing attack, comprising:
-
a transceiver to send and receive data over a network; and a processor that is operative to perform actions, including; receiving from a plurality of client devices, phishing data associated with a possible phishing site, wherein the received phishing data is based on at least one of a user detected phishing site or detection based on a client application or client operating system; classifying the possible phishing site based, in part, on a defined relatively small number of different client devices reporting the possible phishing site, wherein the possible phishing site is classified as one of a suspected phishing site or a known phishing site; providing the classification to at least one client device within the plurality of client devices, for use in determining whether to display a warning message or block access to the phishing site identified by a link within a client received text message; and if the phishing site is classified as a known phishing site, performing at least one action directed to inhibiting a future phishing activity from the known phishing site. - View Dependent Claims (13, 14, 15, 16)
-
-
17. A method of managing a phishing attack over a network, comprising:
-
receiving, from a plurality of client devices, phishing data associated with a plurality of possible phishing sites, wherein the received phishing data is based on at least one of a user detected phishing site or detection based on a client application or client operating system; classifying the phishing sites based, in part, on a defined number of different client devices reporting the possible phishing sites, wherein the possible phishing sites are classified as one of a suspected phishing site or a known phishing site; providing the classifications to at least one client device within the plurality of client devices, for use in determining a response to a text message received by the at least one client device having a link to a webpage; and if a possible phishing site is classified as a known phishing site, performing at least one action directed to inhibiting a future phishing activity from the known phishing site. - View Dependent Claims (18, 19, 20)
-
Specification