In processing systems, and in particular in networked systems, it is often the case that users may unintentionally supply information to an illegitimate entity. The act of deceiving a person into divulging information, or into acting in an abnormal way, is commonly referred to as “phishing”.
Phishing is a form of Internet fraud that usually includes an illegitimate entity creating an illegitimate or fraudulent website which is similar to, or a replica of, the website of a legitimate entity, such as a financial institution, bank, or insurance company. The illegitimate entity then sends an email requesting that the recipient access the illegitimate website and enter their personal information, such as an account number and password. The illegitimate entity may then use the personal information to gain access to the person's personal data and/or assets. This can also lead to identity fraud.
Thus, in one example, a user may receive an email from what they believe to be their banking institution, where the email requests confirmation of the user's account information. In replying to the illegitimate email, the user may subject themselves to identity or monetary theft. In another example, the user may be directed to an illegitimate website, which appears to be the official website for the user's banking institution. The illegitimate website may then deceive the user into entering information such as their account number and password, which is then recorded and used by the illegitimate entity.
In a networked information or data communications system, a user has access to one or more terminals which are capable of requesting and/or receiving information or data from local or remote information sources. An example of a networked information or data communication system is the Internet.
In such a communications system, a terminal may be any type of processing system, computer or computerised device, personal computer (PC), mobile, cellular or satellite telephone, mobile data terminal, portable computer, Personal Digital Assistant (PDA), pager, thin client, or any other similar type of digital electronic device. The capability of such a terminal to request and/or receive information or data can be provided by software, hardware and/or firmware. A terminal may include or be associated with other devices, for example a local data storage device such as a hard disk drive or solid state drive.
An information source can include a server, or any type of terminal, that may be associated with one or more storage devices that are able to store information or data, for example in one or more databases residing on a storage device. The exchange of information (i.e. the request and/or receipt of information or data) between a terminal and an information source, or other terminal(s), is facilitated by a communication means. The communication means can be realised by physical cables, for example a metallic cable such as a telephone line, semi-conducting cables, electromagnetic signals, for example radio-frequency signals or infra-red signals, optical fibre cables, satellite links or any other such medium or combination thereof connected to a network infrastructure.
There exists a need for a method, system, computer readable medium of instructions, and/or a computer program product to identify and/or determine an invalid request, such as a phishing request, which addresses or at least ameliorates one or more problems inherent in the prior art.
The reference in this specification to any prior publication (or information derived from it), or to any matter which is known, is not, and should not be taken as an acknowledgment or admission or any form of suggestion that that prior publication (or information derived from it) or known matter forms part of the common general knowledge in the field of endeavour to which this specification relates.