“Phishing” refers to the activities of criminals who imitate legitimate companies' electronic messages and Websites to entice recipient account holders to share highly sensitive personal data, such as Social Security numbers, users' names, passwords, and/or account numbers. Once the criminals have acquired the stolen information, they use it to commit subsequent crimes.
One of the most common phishing attacks is to modify an existing Website of a trusted brand so that it appears to be part of the trusted company's Website. A spoofed company e-mail is then sent to a recipient with a link to this modified Web page, which contains a form that solicits the user's credit card data or passwords. When the form is submitted, it sends the data to the criminals while leaving the user on the replica company site. Nothing appears out of the ordinary to the user, who has now become a victim of fraud and has been exposed to potentially substantial personal loss and identity theft.
Phishing is extremely dynamic and is growing in both sophistication and volume. The Anti-Phishing Working Group estimates that incidents of phishing attacks are increasing by 50% per month at the time this patent application is being written, and that phishers are able to convince up to 5% of recipients to respond to them.
What is needed is a reliable set of techniques to determine whether a subject electronic message is attempting to send the recipient to a Website that is not part of the Website of a legitimate company.