This invention relates to preventing illegitimate use of compromised accounts, such as accounts for which the credentials have been stolen by phishing sites.
Phishing is a fraudulent attempt to obtain confidential information from users, such as user names, passwords, account numbers and the like, by pretending to be a legitimate online entity. A fraudulent website presents a look and feel that is almost identical to a legitimate website, which may be a popular and trusted website. Unsuspecting users who are unaware that they are interacting with a fraudulent website provide sensitive information to it. For example, a user may be habitually accustomed to providing a user name and password to a social networking website that the user visits frequently. On a specific occasion, if the user is presented with a fraudulent website that has the look and feel of the social networking website, the user may proceed by providing his user name and password to the fraudulent website. The fraudulent website obtains the user name and password of the user and can subsequently use them for unauthorized access to the social networking website. Similarly, a fraudulent website may be able to collect sensitive information, for example, credit card numbers, social security numbers, or dates of birth of users by pretending to look like a legitimate website. Once user credentials have been compromised, the stolen credentials can be used for illegitimate purposes. Damages from phishing include theft of information as well as substantial financial losses.
Strategies for counteracting phishing include training people to distinguish phishing websites from legitimate websites. Users may be encouraged to contact the company hosting the website in case of any suspicion related to the website. Users are encouraged to verify the uniform resource locator (URL) address displayed in an Internet browser to ensure that they are in fact accessing the website that they intend to access. To avoid phishing, some websites require enhanced authentication procedures, for example, by requesting the user to identify an image preselected by the user. Once a user's account has become compromised, however, websites must try to prevent or limit the damage caused by phishing by determining whether a user session is legitimate or is from an unauthorized person who obtained a user's account information unlawfully.
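The last sentence above describes the server-side problem: once credentials are stolen, the website must decide whether a session is the legitimate user or an unauthorized person holding the stolen account information. The following is an added illustrative example, not the method claimed by this patent and not code from the applicant. It assumes a simple heuristic of the author's own choosing: an account profile is built from prior successful logins (device identifier and country), and a new session is scored on whether it arrives from an unseen device, an unseen country, or a country that is implausible given the time since the last login. The score maps to allow, step-up authentication (for example, the preselected-image challenge mentioned above), or deny. All event data below is constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Set, Tuple

# One login attempt against an account (constructed record shape; assumption for this example).
@dataclass
class LoginEvent:
    user: str
    ts: datetime
    device_id: str   # stable client identifier, e.g. a device cookie (assumed)
    country: str     # country resolved from the client address (assumed)
    success: bool = True

# What the account's history tells us about "normal" sessions.
@dataclass
class AccountProfile:
    devices: Set[str] = field(default_factory=set)
    countries: Set[str] = field(default_factory=set)
    last_login: Optional[datetime] = None
    last_country: Optional[str] = None

def build_profile(history: List[LoginEvent]) -> AccountProfile:
    """Summarise successful past logins into known devices, known countries and the latest login."""
    profile = AccountProfile()
    for ev in sorted(history, key=lambda e: e.ts):
        if not ev.success:
            continue  # failed attempts do not establish trust in a device or location
        profile.devices.add(ev.device_id)
        profile.countries.add(ev.country)
        profile.last_login = ev.ts
        profile.last_country = ev.country
    return profile

# Weights are illustrative assumptions, not tuned values.
NEW_DEVICE = 40
NEW_COUNTRY = 30
IMPLAUSIBLE_TRAVEL = 50
TRAVEL_WINDOW = timedelta(hours=2)

def assess_session(profile: AccountProfile, ev: LoginEvent) -> Tuple[int, List[str]]:
    """Score a new session against the profile; returns (risk score, list of triggered signals)."""
    signals: List[str] = []
    score = 0
    if ev.device_id not in profile.devices:
        signals.append("new_device")
        score += NEW_DEVICE
    if ev.country not in profile.countries:
        signals.append("new_country")
        score += NEW_COUNTRY
    # A different country within a short window of the last login is hard to explain by travel.
    if (profile.last_login is not None
            and profile.last_country != ev.country
            and ev.ts - profile.last_login < TRAVEL_WINDOW):
        signals.append("implausible_travel")
        score += IMPLAUSIBLE_TRAVEL
    return score, signals

def session_decision(score: int) -> str:
    """Map a risk score to an action: allow, require step-up authentication, or deny."""
    if score >= 80:
        return "deny"
    if score >= 40:
        return "step_up"
    return "allow"

# Constructed history: one user, one laptop, always from the same country.
HISTORY = [
    LoginEvent("alice", datetime(2024, 3, 1, 9, 0), "laptop-1", "US"),
    LoginEvent("alice", datetime(2024, 3, 2, 9, 5), "laptop-1", "US"),
    LoginEvent("alice", datetime(2024, 3, 3, 8, 55), "laptop-1", "US"),
    LoginEvent("alice", datetime(2024, 3, 3, 9, 10), "laptop-1", "US", success=False),
]

def evaluate(ev: LoginEvent) -> Tuple[int, List[str], str]:
    """Convenience wrapper: build the profile, score the event, and decide."""
    profile = build_profile(HISTORY)
    score, signals = assess_session(profile, ev)
    return score, signals, session_decision(score)

if __name__ == "__main__":
    # Known device, known country: allow.
    print(evaluate(LoginEvent("alice", datetime(2024, 3, 4, 9, 0), "laptop-1", "US")))
    # New device, same country, next day: step-up challenge.
    print(evaluate(LoginEvent("alice", datetime(2024, 3, 4, 9, 0), "phone-2", "US")))
    # Unseen device, unseen country, 30 minutes after the last login: deny.
    print(evaluate(LoginEvent("alice", datetime(2024, 3, 3, 9, 25), "unknown-7", "RO")))
```

The point of separating `assess_session` from `session_decision` is that the signals remain available for logging and investigation even when the decision is "allow"; in practice the thresholds and weights would be calibrated against the site's own login history rather than fixed as here.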