The Internet and other networks have changed the way people do business by providing instant global presence to businesses. At the same time the Internet has also given rise to new forms of criminality, which benefit from the Internet in much the same way as regular businesses do. One of the most common forms of Internet fraud is “phishing”, a social engineering attack in which an attacker tricks the user into disclosing sensitive information, such as credit card information, account numbers, account names, passwords, etc. Phishing attacks pose a serious threat to e-commerce.
One common type of phishing attack consists of three parts:
- a message that urges the user to visit an attacker-controlled website,
- a Uniform Resource Locator (URL) that looks similar to a trusted one, and
- a website that imitates the layout of the trusted website.
The message will typically be an unsolicited email containing a fictitious story urging the user to disclose sensitive information, e.g. to validate their bank account or credit card information. This message contains a link that appears trustworthy, i.e., appears to point to a trustworthy website, but will in fact point to an attacker-controlled website.
Techniques commonly used in obfuscating URLs include:
- a combination of JavaScript and Hyper Text Markup Language (HTML),
- obfuscated URL syntax (e.g. an address such as http://user:password@host/webpage),
- URL rendering errors (e.g. invalid x00 rendering),
- international domain names (IDN) containing similar or even identical looking characters (e.g., a Russian “a” instead of a standard (Latin) ‘a’), and
- similar Domain Name System (DNS) names (e.g. mybank-online or my6ank.com or mybank.co.uk instead of mybank.com).
Another type of phishing attack is to run a website with a URL that deviates from the URL of a trusted website only by a common typing error.
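The URL tricks listed above, and the typing-error variant, can each be checked mechanically before a link is followed. The following is an added example, not part of the original text: a small checker that flags them for a given URL. The trusted-host list, the finding names, the edit-distance threshold of 2 and the reading of the "x00" item as an encoded NUL byte are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allow-list of trusted hosts (assumption, for illustration only).
TRUSTED = {"mybank.com"}

def edit_distance(a, b):
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def scripts(label):
    """Scripts of the letters in a host label, taken from Unicode character names."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}

def check_url(url, trusted=TRUSTED):
    """Return a sorted list of findings; an empty list means nothing was flagged."""
    findings = set()
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.username is not None:          # user:password@host syntax
        findings.add("userinfo")
    if "%00" in url or "\x00" in url:       # assumed meaning of the "x00" item
        findings.add("nul-byte")
    if host.startswith("xn--") or ".xn--" in host:
        findings.add("punycode")            # IDN in its ASCII-compatible encoding
    for label in host.split("."):
        if not label.isascii():
            findings.add("non-ascii-host")
        if len(scripts(label)) > 1:         # e.g. Latin and Cyrillic in one label
            findings.add("mixed-script")
    if host not in trusted:
        for good in trusted:
            if edit_distance(host, good) <= 2:
                findings.add("lookalike")   # typo or single swapped character
            elif good.split(".")[0] in host:
                findings.add("embeds-trusted-name")
    return sorted(findings)
```

A host that matches the trusted list exactly and carries no userinfo returns an empty list; anything else returns the names of the checks it tripped.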
In the attacker-controlled website, the attacker effectively impersonates a bank or other institutions and tricks the victim into disclosing sensitive information.
A known method to prevent phishing attacks is to use blacklists created from user reports and identified phishing e-mails.
The disadvantage of this method is that it is only effective against known phishing attacks.
Another known method to prevent phishing attacks is to display additional information about a website, e.g. its hosting location, since when it has been registered, and the rank of the page.
The disadvantage of such a method is that it may overwhelm the user with the amount of information and may cause false positives with less popular websites.
The last group of known methods to prevent phishing attacks is based on e-mail filtering using e.g. Bayesian filters which filter suspicious e-mail messages or reformat them in a way that discloses their malicious intent. The disadvantage of such techniques is that they are only effective against phishing that is disseminated by using e-mails.
It is an object of the invention to provide improved solutions for internet and network security.