The present system relates to security systems and methods, and more particularly, it relates to protecting user information and accounts from phishing attacks.
Today, many users access their information or perform transactions on the Internet on various sites. Typically, users and websites employ a username and password as a security measure to protect their information. Unfortunately, criminals often attempt to obtain such information through illegal means for illicit purposes.
Phishing is a commonly employed attack aimed at acquiring a user's sensitive information, such as their username and password. Unfortunately, phishing attacks are now quite sophisticated and can appear convincingly similar to genuine communications. In one type of phishing attack, the user receives—via a website, e-mail, or instant message—a link to what appears to be an authentic website. The message typically asks the user to click on the link. When selected, the link connects the user to a website (e.g., a phishing website) that masquerades as an authentic site in order to provoke the user into submitting private information, such as the user's username and password to an existing account. Often, the information can be used to access the user's account at the authentic site. Frequently, phishers target account holders of banks, online payment services, social networks, and file-sharing sites.
In a more sophisticated attack, after collecting the user's login information for a genuine site, the phishing website may automatically redirect the user to the genuine site and even log the user in using the user's illicitly obtained username and password. When a phishing site uses such techniques, it is difficult for users to detect that such an attack has occurred and that their information has been stolen.