In a phishing attack, an individual (e.g., a person, an employee of a company, a user of a computing device) receives a message, commonly in the form of an e-mail or other electronic communication, directing the individual to perform an action, such as opening an e-mail attachment or following (e.g., using a cursor controlled device or touch screen) an embedded link. If such message were from a trusted source (e.g., co-worker, bank, utility company or other well-known and trusted entity), such action night carry little risk. Nevertheless, in a phishing attack, such message is from an attacker (e.g., an individual using a computing device to perform an malicious act on another computer device user) disguised as a trusted source, and an unsuspecting individual, for example, opening an attachment to view a “friend's photograph” might in fact install spyware, a virus, and/or other malware (i.e., malicious computer software) on his/her computer. Similarly, an unsuspecting individual directed to a webpage made to look like an official banking webpage might be deceived into submitting his/her username, password, banking account number, etc. to an attacker.
While there are computer programs designed to detect and block phishing attacks, phishing attacks are constantly being modified by attackers to evade such forms of detection. The present invention addresses some shortcoming of previous attempts to counter phishing attacks.