Method and system for preventing fraudulent activities
First Claim
1. A method, performed at a client security application, of protecting a password from being submitted to a spoof site, the method comprising:
- scanning a form to be posted to a first universal resource locator (URL) for the password;
comparing the password from the form with passwords stored in a password storage module to identify a matched password from among the passwords, the password storage module further storing a second URL associated with the matched password;
comparing the first URL to which the password is being submitted with the second URL associated with the matched password; and
if the first URL does not match the second URL, displaying a warning that the password is being submitted to the spoof site.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and system to protect users against potentially fraudulent activities associated with spoof web sites are described. According to one aspect of the present invention, the URL of a document downloaded via a web browser client is compared to the URLs in a list of URLs for known spoof sites. If the URL for the downloaded document is found in the list of URLs for known spoof sites, a security indicator is displayed to the user to indicate to the user that the downloaded document is associated with a known spoof site. According to another aspect of the invention, a security server maintains a master black list and periodically communicates updates of the master black list to the local list of a client security application.
42 Citations
12 Claims
-
1. A method, performed at a client security application, of protecting a password from being submitted to a spoof site, the method comprising:
-
scanning a form to be posted to a first universal resource locator (URL) for the password; comparing the password from the form with passwords stored in a password storage module to identify a matched password from among the passwords, the password storage module further storing a second URL associated with the matched password; comparing the first URL to which the password is being submitted with the second URL associated with the matched password; and if the first URL does not match the second URL, displaying a warning that the password is being submitted to the spoof site. - View Dependent Claims (2, 3)
-
-
4. A system including:
-
a password storage module to store a password and a first universal resource locator (URL) associated with the password; a password detection module to scan a form for the password and to compare a second URL to which the form is being submitted with the first URL associated with the password, the second URL being associated with a server; and a display indicator module to display a security warning when the password is being submitted to the server that is not associated with the first URL. - View Dependent Claims (5, 6)
-
-
7. A client security system for preventing a password from being submitted to a spoof site, the client security system comprising:
-
a processor-implemented password storage module to store a list of universal resource locators and passwords associated with the universal resource locators; a processor-implemented password detection module to detect an attempt to submit the password to a server, the server being associated with a universal resource locator; a processor-implemented password comparison module to compare the password being submitted with the passwords stored in the password storage module to identify a matched password from among the passwords, and further to compare the universal resource locator associated with the server with a universal resource locator associated with the matched password; and a processor-implemented display indicator module to display a security warning based on the comparison of the universal resource locator associated with the server with the universal resource locator associated with the matched password. - View Dependent Claims (8, 9, 10, 11, 12)
-
Specification