1. Field of the Invention
The present invention generally relates to an anti-phishing technique. More specifically, the present invention relates to a method for preventing theft, or so-called phishing (pronounced “fishing”), of personal financial information, such as passwords and credit card numbers, through spoofs of authentic e-mails from, or web sites of, financial institutions, and to a recording medium having a program recorded thereon.
2. Description of the Related Art
With the recent popularity of online interaction via the Internet, the range of victims of the fraud called phishing has widened.
Phishing is fraud carried out via e-mails from spoofers of real banks, credit card companies, shopping sites, etc. The e-mails link to “trap” web sites that look like those of the banks, shopping sites, etc., so as to entice users into giving their personal information, such as credit card numbers and passwords. An increasing number of victims who access false web sites that appear identical to the authentic web sites have been “fished” for their certification information by malicious scams that present fake URLs (uniform resource locators) using JavaScript code or that hide the address bar in a pop-up window. Phishing is therefore a serious problem.
Japanese Unexamined Patent Application Publication No. 2002-222286 discloses an anti-fraud system. In this system, a third-party organization stores, as “white” web pages, portions of web pages collected via various search sites whose attributes of the registered information or identity information have been successfully confirmed by a URL registration organization or telephone directory information. In response to a request from a check requester or the like, it is checked whether a specified web page is white or black, or the specified web page is checked against IP (Internet protocol) addresses of existing web pages written and stored in a Java applet. If no match is found, it is determined that this web site is not administered by an authorized server, and this determination is reported to users and the owner of the authentic web page.
In the technique disclosed in this publication, the authenticity of a web site is checked using a third-party organization or an applet on the page. If the IP address of the web site written in the web page, or the Java applet itself, is tampered with, the authenticity of the web page is not checked unless an investigation request is submitted to, and a response is obtained from, the third-party organization.
Phishing, on the other hand, is a fraudulent attempt to mislead users into thinking they are going to access trusted web sites and into providing their certification information, and may not be prevented unless it is determined whether or not a web site to be accessed by a user is authentic before the user accesses the web site. Thus, a problem still remains.