1. Field of the Invention
Embodiments of the present invention generally relate to a method and system for detecting anomalies relating to access of websites and, more particularly, to a method and system for detecting user identity information theft or unauthorized access of websites over a telecommunications network.
2. Description of the Related Art
Present day computer systems connect and exchange information extensively through telecommunications network, such as the Internet. These interactions involve many transactions that may require a user's identity information such as, for example, login information, passwords, social security information or other user credentials, to be disclosed. This user identity information is sometimes under threat from malicious agents that compromise the secrecy of a user's identity information and use the compromised information to assume the identity of the user and/or access the user's computer resources, e.g., on-line accounts, networks, computers, websites, and the like. Additionally, a user is susceptible to social attacks such as phishing attacks in which a phisher misguides a user to a fake website that looks substantially identical to a genuine website. Thereafter, the user is required to disclose his or her identity information to the phishing website. In this way, the user identity information is thus compromised and this information may then be used by the phisher for malicious or undesirable purposes.
Regardless of the mode, computer user identities are regularly stolen and maliciously misused. A user identity information thief typically uses the information for malicious purposes, such as, accessing on-line accounts to compromise additional information of the user and/or others, accessing restricted computer resources, submitting instructions on behalf of the user, outright stealing of money from on-line bank or brokerage accounts, and the like. The damage could include bad credit, invoices arriving for products a user has not purchased, misrepresentation of a user to send foul or inaccurate messages to a third person, among various others. In most case, the user does not realize their identity information is stolen until damage has been done.
Therefore, there exists a need for a method and system that determines if any anomalies have occurred that form indicia of identity information compromise.