The present disclosure relates to the field of computer security technologies, and in particular, to a method and a system for security protection of account information.
Continuous development of Internet technology brings great convenience to people's life and work, but also brings new potential security risks. Currently there are many phishing websites on the Internet. These websites counterfeit the URLs and page content of real websites to gain the trust of users of the real websites and induce them to input sensitive information such as an account and a password, so as to achieve an unlawful purpose such as stealing the user's property, thereby causing a loss to the user. Moreover, if the user's sensitive information is relevant to the user's social relationship chain, such as an account and a password of a social network or social software, a lawbreaker even uses the sensitive information obtained from the phishing websites to defraud other users who have a social relationship with the user, which causes losses on a larger scale and results in very extensive harm.
Currently, to prevent disclosure of the sensitive information, a database recording URLs of phishing websites is generally established in advance. When the user accesses a web page, it is determined whether the URL of that web page is in the database. If it is, the website where the web page resides is determined to be a phishing website; if it is not, the website where the web page resides is determined not to be a phishing website, and to be secure.
However, the prevention capability of this conventional method for security protection of account information relies completely on the pre-established database: if the URL of a phishing website is not in the database, the method does not work. Furthermore, the lifetime of a phishing website is currently very short. Often, after being propagated several times, the phishing website immediately transforms and disguises its domain name and link form, and continues to be propagated and to cause harm under a new URL that does not exist in the database. Therefore, it is already difficult for such a conventional method for security protection of account information to discriminate a phishing website.