Some current anti-phishing technology uses whitelists to identify known legitimate websites (e.g., the legitimate websites of trusted financial institutions). This is effective to a point, but a whitelist typically includes only the domain names and addresses of known legitimate institutions. Thus, a whitelist can protect a user from being fraudulently directed to a malicious website maintained by a non-trusted party, but it does not prevent users from being directed to websites of legitimate institutions that have been compromised by hackers and thus are no longer secure.
Furthermore, even the websites of legitimate organizations can sometimes request data that a user does not wish to submit. For example, a legitimate banking site can request the social security number of a user who belongs to an organization whose privacy policy dictates never submitting such information over the Internet. Another example is a case in which a website violates its own privacy policy.
What is needed are computer-implemented methods, computer-readable media and computer systems for determining not only whether a target website is known to be legitimate, but also whether the site has been compromised, and whether the site complies with a desired privacy policy.
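The gap between a domain-only whitelist and a privacy-policy check can be seen in a short added example (not part of the original text): the whitelist lookup passes for a legitimate host, while a separate scan of the page's form fields flags a request for a social security number. The whitelist entry, the field-name heuristic and the sample page are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample data: a hypothetical whitelist and organizational policy.
WHITELIST = {"bank.example"}
# Simplistic name heuristic (assumption); a real policy would need more signals.
FORBIDDEN_FIELDS = {"ssn": re.compile(r"ssn|social[\s_-]*security", re.I)}

def host_whitelisted(url):
    """Domain-only check: exact match or subdomain of a whitelisted name."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WHITELIST)

class FieldCollector(HTMLParser):
    """Collects name/id/placeholder attributes of form input elements."""
    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag in ("input", "textarea", "select"):
            a = dict(attrs)
            parts = (a.get("name"), a.get("id"), a.get("placeholder"))
            label = " ".join(p for p in parts if p)
            if label:
                self.fields.append(label)

def policy_violations(html):
    """Return the sorted policy categories that the page's form fields request."""
    parser = FieldCollector()
    parser.feed(html)
    return sorted({kind for field in parser.fields
                   for kind, rx in FORBIDDEN_FIELDS.items() if rx.search(field)})

def assess(url, html):
    # The two verdicts are independent: a whitelisted host can still violate policy.
    return {"whitelisted": host_whitelisted(url),
            "violations": policy_violations(html)}

# Constructed page served from a whitelisted host that asks for an SSN.
SAMPLE_URL = "https://login.bank.example/verify"
SAMPLE_HTML = """<form action="/verify" method="post">
<input name="username"><input type="password" name="password">
<input name="social_security_number" placeholder="SSN">
</form>"""

if __name__ == "__main__":
    print(assess(SAMPLE_URL, SAMPLE_HTML))
```

The example covers only the privacy-policy half of the problem; nothing in it can tell whether a whitelisted site has been compromised.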