The Internet comprises a vast number of computers and computer networks that are interconnected through communication links, with information being exchanged using various services such as electronic mail, FTP, and the World Wide Web (or “Web”). The Web allows a server computer system (e.g., a Web server providing a Web site) to send graphical Web pages of information to a remote client computer system, which the remote client computer system can then display, such as via a Web browser executing on the client computer system.
In addition to merely providing access to information, the Web has increasingly become a medium that is used to search for, shop for and order items (such as products, services and/or information) that are for purchase, rent, lease, license, trade, evaluation, sampling, subscription to, etc. In many circumstances, a user can visit the Web site of a Web merchant (or a “Web store”) or otherwise interact with an online merchant or retailer or electronic marketplace that provides one or more items, such as to view information about the items, give an instruction to place an order for one or more items, and provide information needed to complete the purchase (e.g., payment and shipping information). After receiving an order for one or more items, a Web merchant then fulfills the order by providing the ordered items to the indicated recipient. The items may be products that are delivered electronically to a recipient (e.g., music downloaded over the Internet) or through physical distribution channels (e.g., paperback books shipped via a governmental postal service or private common carrier). The items may also be services that are provided either electronically (e.g., providing email service) or physically (e.g., performing cleaning services at the house of the purchaser). The order fulfillment process typically used by Web merchants for product items that are to be physically provided shares similarities with other item ordering services that ship ordered items (e.g., catalog-based shopping, such as from mail-order companies), such as to deliver ordered items from one or more physical distribution or fulfillment centers operated by or on behalf of the Web merchant.
While some services available via the Web or otherwise via the Internet may provide information and capabilities to anyone, many others have at least some information that is restricted to authorized users, such as to protect the privacy of confidential information related to users by making it available only to those users (e.g., to require a user to log in to an email service before making the user's email available, to require a bank customer to log in before making financial information available, etc.). Many such Internet services may further store various user data to assist functionality that is provided by the Internet service (e.g., for an online merchant to store shipping information for a user and information about financial instruments for a user to facilitate the user's shopping, such as in a manner associated with an account maintained for the user).
Since unauthorized access to such restricted information about users may provide various benefits to unscrupulous parties, such parties attempt to devise ways to gain access to the restricted information of the Internet services. For example, one popular technique, known as phishing, involves fooling unsuspecting victims into supplying login information and/or other personal information via a fraudulent Web site that masquerades as a legitimate Web site. In order to masquerade as the legitimate site, the party performing the phishing (referred to as a “phisher”) may download various electronic information from the legitimate site (e.g., images, client-side scripts, CSS (“Cascading Style Sheets”) files, etc.) to use in creating the fraudulent site. After creating the fraudulent site, the phisher will often send an email or other electronic communication disguised as being from the legitimate site, which prompts the intended victims to update and/or supply personal information in a way that directs the victims to the fraudulent site. Depending on the type of fraudulent site, some users may then be tricked into directly supplying confidential information to the fraudulent site, or instead may be tricked into supplying login information for the legitimate site to the fraudulent site that the phisher can then use to obtain confidential information for those users from the legitimate site by acting as those users. The confidential information obtained by the phisher may then be used to commit fraud in various ways. Unscrupulous parties may further use various other techniques to fraudulently obtain confidential information about users, including a technique known as “pharming” that involves redirecting a user from a legitimate site to a fraudulent one masquerading as the legitimate one in other ways.
Fraudulent activity, such as pharming and phishing, creates significant problems for both users of the Internet services and the Internet services themselves. For example, a bank or an online merchant may lose money when fraudulent transfers or charges are made. In addition, fraudulent activity may generate a significant number of calls (or other contacts) with customer service for the Internet services. Furthermore, even if an Internet service was not responsible for the loss of users' confidential information, users may nonetheless lose trust in the Internet service based on the fraudulent activity and be reluctant to continue interacting with the Internet service. For the users, identity theft may be perpetrated using the confidential information of the users, thus creating significant difficulties for the users.
Thus, it would be beneficial to inhibit various fraudulent activities related to unauthorized access to confidential information for users, as well as solve additional problems.