Online fraud solution
First Claim
1. A computer system for investigating a suspicious uniform resource locator to determine whether a server referenced by the uniform resource locator may be involved in fraudulent activity, the computer system comprising:
- a processor device; and
a memory device coupled with the processor device, the memory having stored therein a sequence of instructions which, when executed by the processor device, cause the computer system to;
access a data source to obtain data about a suspicious activity;
obtain, by downloading, using a master computer, the data from the data source, the data about the suspicious activity;
ascertain, by parsing the obtained data, a uniform resource locator that relates to the suspicious activity, wherein the uniform resource locator is associated with an anchor, the anchor comprising a displayed address;
ascertain the displayed address indicated by the anchor;
ascertain an actual address associated with a server referenced by the uniform resource locator;
compare the displayed address with the actual address associated with the server referenced by the uniform resource locator, wherein the displayed address comprises at least one of a first domain and a first internet protocol (IP) address, and wherein the actual address associated with the server referenced by the uniform resource locator comprises at least one of a second domain and a second IP address, and further wherein the instructions cause the computer system to determine whether the displayed address is different than the actual address associated with the server referenced by the uniform resource locator by performing at least one of a comparison between the first domain and the second domain, and between the first IP address and the second IP address;
obtain, using the master computer, domain information about the displayed address;
obtain, using the master computer, WHOIS ownership information about the displayed address;
compare the obtained domain information about the displayed address with the WHOIS ownership information about the displayed address; and
based on the comparison of the obtained domain information about the displayed address with the WHOIS ownership information about the displayed address and the comparison of the displayed address with the actual address associated with the server referenced by the uniform resource locator, determine whether the uniform resource locator is fraudulent.
8 Assignments
0 Petitions
Accused Products
Abstract
Various embodiments of the invention provide solutions (including inter alia, systems, methods and software) for dealing with online fraud. Some embodiments function to access and/or obtain information from (and/or receive data from) a data source; the data might, for example, indicate a possible instance of online fraud. Certain embodiments, therefore, can be configured to analyze the data, e.g., to determine whether the data indicate a likely instance of online fraud. Such instances may be further investigated, and/or a response may be initiated. Data sources can include, without limitation, web pages, email messages, online chat sessions, domain zone files, newsgroups (and/or postings thereto), etc. Data obtained from the data sources can include, without limitation, suspect domain registrations, uniform resource locators, references to trademarks, advertisements, etc.
198 Citations
33 Claims
-
1. A computer system for investigating a suspicious uniform resource locator to determine whether a server referenced by the uniform resource locator may be involved in fraudulent activity, the computer system comprising:
-
a processor device; and a memory device coupled with the processor device, the memory having stored therein a sequence of instructions which, when executed by the processor device, cause the computer system to; access a data source to obtain data about a suspicious activity; obtain, by downloading, using a master computer, the data from the data source, the data about the suspicious activity; ascertain, by parsing the obtained data, a uniform resource locator that relates to the suspicious activity, wherein the uniform resource locator is associated with an anchor, the anchor comprising a displayed address; ascertain the displayed address indicated by the anchor; ascertain an actual address associated with a server referenced by the uniform resource locator; compare the displayed address with the actual address associated with the server referenced by the uniform resource locator, wherein the displayed address comprises at least one of a first domain and a first internet protocol (IP) address, and wherein the actual address associated with the server referenced by the uniform resource locator comprises at least one of a second domain and a second IP address, and further wherein the instructions cause the computer system to determine whether the displayed address is different than the actual address associated with the server referenced by the uniform resource locator by performing at least one of a comparison between the first domain and the second domain, and between the first IP address and the second IP address; obtain, using the master computer, domain information about the displayed address; obtain, using the master computer, WHOIS ownership information about the displayed address; compare the obtained domain information about the displayed address with the WHOIS ownership information about the displayed address; and based on the comparison of the obtained domain information about the displayed address with the WHOIS ownership information about the displayed address and the comparison of the displayed address with the actual address associated with the server referenced by the uniform resource locator, determine whether the uniform resource locator is fraudulent. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method of investigating a suspicious uniform resource locator to determine whether a server referenced by the uniform resource locator may be involved in fraudulent activity, the method comprising:
-
accessing, by a computer, a data source to obtain data about a suspicious activity; downloading, using the computer, the data from the data source; ascertaining, by using the computer to parse the obtained data, a uniform resource locator involved with the suspicious activity, wherein the uniform resource locator is associated with an anchor, the anchor comprising a displayed address; ascertaining, by the computer, the displayed address indicated by the anchor associated with the uniform resource locator; ascertaining, by the computer, an actual address associated with a server referenced by the uniform resource locator; comparing, by the computer, the displayed address with the actual address associated with the server referenced by the uniform resource locator, wherein the displayed address comprises at least one of a first domain and a first internet protocol (IP) address, and wherein the actual address associated with the server referenced by the uniform resource locator comprises at least one of a second domain and a second IP address, and further wherein comparing the displayed address with the actual address associated with the server referenced by the uniform resource locator comprises determining whether the displayed address is different than the actual address associated with the server referenced by the uniform resource locator by performing at least one of a comparison between the first domain and the second domain, and between the first IP address and the second IP address; obtaining, by the computer, domain information about the displayed address; obtaining, by the computer, WHOIS ownership information about the displayed address; comparing, by the computer, the obtained domain information about the displayed address with the WHOIS ownership information about the displayed address; and determining, by the computer and based on the comparison of the obtained domain information about the displayed address with the WHOIS ownership information about the displayed address and the comparison of the displayed address with the actual address associated with the server referenced by the uniform resource locator, whether the uniform resource locator is fraudulent. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
-
-
13. A non-transitory computer-readable memory having stored thereon a sequence of instructions which, when executed by a processor, cause the processor to:
-
access a data source to obtain data about a suspicious activity; obtain, by downloading, using a master computer, the data from the data source, the data about the suspicious activity; ascertain, by parsing the obtained data, a uniform resource locator that relates to the suspicious activity, wherein the uniform resource locator is associated with an anchor, the anchor comprising a displayed address; ascertain the displayed address indicated by the anchor associated with the uniform resource locator; ascertain an actual address associated with a server referenced by the uniform resource locator; compare the displayed address with the actual address associated with the server referenced by the uniform resource locator, wherein the displayed address comprises at least one of a first domain and a first interne protocol (IP) address, and wherein the actual address associated with the server referenced by the uniform resource locator comprises at least one of a second domain and a second IP address, and further wherein the instructions cause the processor to determine whether the displayed address is different than the actual address associated with the server referenced by the uniform resource locator by performing at least one of a comparison between the first domain and the second domain, and between the first IP address and the second IP address; obtain, using the master computer, domain information about the displayed address; obtain, using the master computer, WHOIS ownership information about the displayed address; compare the obtained domain information about the a displayed address with the WHOIS ownership information about the displayed address; and determine, based on the comparison of the obtained domain information about the address configured to be displayed with the WHOIS ownership information about the displayed address and the comparison of the displayed address with the actual address associated with the server referenced by the uniform resource locator, whether the uniform resource locator is fraudulent. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
-
Specification