Thwarting phishing attacks by using pre-established policy files
First Claim
Patent Images
1. A method for thwarting a phishing attack, said method comprising the steps of:
- intercepting an electronic message intended for display to a recipient of the electronic message;
extracting a sender domain name from the electronic message;
identifying one or more domain names in remote links contained in the electronic message;
determining one or more domain names related to the sender domain name from a pre-established set of domain names that can legitimately appear in remote links contained in the electronic message;
comparing the one or more domain names in the identified remote links to the one or more domain names related to the sender domain name; and
preventing, in response to the comparison, the electronic message from being delivered to the recipient.
5 Assignments
0 Petitions
Accused Products
Abstract
Methods, apparati, and computer-readable media thwart a phishing attack on a recipient of an electronic message by intercepting the electronic message; extracting a sender domain name from the electronic message; identifying remote links associated with the electronic message; comparing the identified remote links against a pre-established set of acceptable domains, using the extracted sender domain name as an index; and when at least one extracted remote link is not found in the pre-established set of acceptable domains, preventing the message from being delivered to the recipient.
30 Citations
17 Claims
-
1. A method for thwarting a phishing attack, said method comprising the steps of:
-
intercepting an electronic message intended for display to a recipient of the electronic message; extracting a sender domain name from the electronic message; identifying one or more domain names in remote links contained in the electronic message; determining one or more domain names related to the sender domain name from a pre-established set of domain names that can legitimately appear in remote links contained in the electronic message; comparing the one or more domain names in the identified remote links to the one or more domain names related to the sender domain name; and preventing, in response to the comparison, the electronic message from being delivered to the recipient. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. At least one computer-readable medium containing computer program instructions for thwarting a phishing attack, said computer program instructions performing the steps of:
-
intercepting an electronic message intended for display to a recipient of the electronic message; extracting a sender domain name from the electronic message; identifying one or more domain names in remote links contained in the electronic message; determining one or more domain names related to the sender domain name from a pre-established set of domain names that can legitimately appear in remote links contained in the electronic message; comparing the one or more domain names in the identified remote links to the one or more domain names related to the sender domain name; and preventing, in response to the comparisons the electronic message from being delivered to the recipient. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
Specification