The advent of connecting two or more computers to form a network has dramatically altered the way business and personal transactions take place. Aspects such as e-mail, file transfers, surfing the web, instant messaging, e-commerce, and more are becoming day-to-day occurrences. The arrival of this technology also brought with the challenge of protecting sensitive information on a system that, by its very nature, is built for information exchange. Networks serve as the repository of a great deal of sensitive information. This storehouse of information has not gone unnoticed by would be thieves and con artists. As techniques to convey sensitive information over a network have evolved, so have attempts to pilfer that information. One such means by which thieves trick users into providing sensitive information is called Phishing.
Phishing is a fraudulent e-mail campaign that attempts to elicit confidential and/or financial information from unwitting victims. Phishing generally entails sending large numbers of e-mails with compelling reasons why the recipient should click on a link to an official-looking, yet bogus, website. Once there, the user is encouraged to input confidential information such as credit card, Social Security, and bank account numbers.
Proposals for limiting the effectiveness of phishing include e-mail authentication techniques using antispam standards and scanning for “cousin”
domains, whereby trademark owners would be notified when a similar sounding Uniform Resource Locator (URL) or site contains spoofed content. Features such as Norton Privacy Control in Symantec's Norton Internet Security (NIS) product and McAfee Personal Firewall help to stem the increasing number of phishing attacks by allowing users to identify confidential data that they wish to protect. Upon seeing the specific confidential data being transmitted via HTTP (via the web), instant messenger, or SMTP (via e-mail), the user is notified of the pending release of confidential information, and prompted to provide verification that the disclosure is authorized. Unfortunately, when a phishing attack is successful, the user believes that they are transmitting their confidential information to a reputable website, thus circumventing the intervention. Furthermore, users are not always as diligent as they should be about entering or updating their sensitive data into a security product such as NIS.
What is needed is an effective and automated way to protect confidential and sensitive information from deceptive and fraudulent e-mail campaigns. It would be desirable to recognize the attempted transmission of confidential and/or sensitive information to seemingly illicit destinations prior to the information's release. The present invention addresses these and other problems, as well as provides additional benefits.