1. Field of the Invention
The present invention is directed to computer systems. More particularly, it is directed to verifying the authenticity of transactions within computing environments.
2. Description of the Related Art
Online transactions, such as transactions performed via the Internet and the World Wide Web, have become frequent targets of attacks performed by fraudulent individuals. One such attack is commonly referred to as “phishing.” Phishing is performed by “phishers” that attempt to fraudulently acquire sensitive information about a user including, but not limited to, username and password combinations, credit card numbers, addresses, names, personal identification numbers (PINs), and other information that may be used to defraud an individual. One common form of phishing is implemented through electronic mail messages (“emails”) that appear to be sent from a credible source. In many cases, a fraudulent email informs a user of an artificial circumstance that requires the user to provide sensitive information, such as a username and password. For example, some emails sent by phishers may indicate that a user's online account has recently undergone upgrades and that the user must provide their username and password to regain access to the account. Such emails may include a hyperlink to a fraudulent webpage that appears to be a legitimate login page of an online account. If an unsuspecting user provides their username and password to the fraudulent webpage, the username and password may be compromised, and the phisher may use the username and password to impersonate the user. When a phisher obtains a username and password of a user's account, they may utilize the account's functionality to perform fraudulent transactions. For instance, a phisher may fraudulently log on to a user's online bank account and perform fraudulent transactions, such as transferring funds from the user's online account to an account controlled by the phisher.
Another type of attack is known as a man-in-the-middle (MITM) attack, in which an attacker gains the ability to modify communications between a legitimate user's computer system and another computer in such a way that neither computer system becomes aware that the communications link has been compromised. For instance, a legitimate user may log on to their online bank account to transfer funds from their checking account to their savings account. To perform such a transaction, various communications may be sent between the legitimate user's computer system and their bank's computer system. A MITM attack may intercept and modify such communications in order to perform fraudulent transactions. For instance, a MITM attack might modify parameters of the transaction, such as the transaction amount or the destination account for the transaction, in order to fraudulently siphon funds away from the transaction participants. In some cases, MITM attacks are performed by “malware,” which may include, but is not limited to, computer viruses, worms, Trojan horses, rootkits, backdoors, spyware, botnets, loggers, dialers, and other software designed to infiltrate or damage a computer system. Such malware may be used to perform MITM attacks that intercept and modify online transactions for the benefit of fraudulent individuals.
Many online accounts (e.g., online bank accounts, online investment accounts, online consumer accounts, etc.) enable users to perform various transactions (e.g., transferring funds between accounts, purchasing one or more items, and/or other transaction related activities). To log in to an online account, a user of the account is typically required to provide a username and password or participate in some other type of authentication process. A successful logon typically marks the beginning of a session between the user's computer system and the computer system(s) hosting the online account. Such a session is typically terminated when the user logs out of the account or, for security purposes, after a particular period of time has elapsed. To prevent a user from having to re-authenticate (e.g., by repeating the process of providing their username and password) each time the user navigates to different web pages of their online account, online account websites may provide a session “cookie” (which may in some cases also be referred to as a magic cookie, security key, security token, and/or a session key) to the user's computer system. Typically, the computer systems that host the user account record a unique identifier contained in the cookie and associate that identifier with the user's computer system and/or the session. Since the user's computer system has possession of the cookie during the session, the user may perform various transactions using their account (e.g., transferring funds between accounts, purchasing one or more items, and/or other transaction related activities) without re-authenticating during the session.
The widespread use of cookies for maintaining and managing sessions has contributed to the advancement of a particular type of MITM attack that utilizes a technique called “session hijacking.” Session hijacking occurs when malware installed on the user's computer (typically without the consent of the user) gains access to a session cookie. This may be referred to as “stealing” the session cookie even though the malware does not necessarily preclude other applications (e.g., the browser that initiated the session) from continuing to use the cookie. By utilizing a stolen session cookie, malware can in some cases bypass the account authentication process required at the account login phase and gain access to the functionality of a user's online account. For instance, the malware may lie dormant until after a user has logged in to their online account and the user's computer system has been issued a session cookie. Accordingly, even in cases where it has no knowledge of the account authentication information (e.g., a username and password), the malware may use the cookie to perform fraudulent transactions, such as performing a fund transfer to a fraudulent bank account or performing fraudulent purchases.
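As an added illustration (not code from the patent or any product it describes), the model below contrasts the cookie-only authorization the background describes with one defensive design in which a transfer must also carry a confirmation code bound to a one-time nonce and the exact transaction parameters, produced with a secret held on a device outside the browser session. The account server, the user, the password and the device secret are all constructed for the example.

```python
import hmac
import secrets
# Constructed in-memory model of an account server; illustration only, not the patent's system.
SESSIONS = {}                                    # session cookie value -> username
PENDING = {}                                     # one-time transaction nonce -> username
BALANCES = {"alice": 1000}
PASSWORDS = {"alice": "correct-horse"}           # constructed credential
DEVICE_SECRETS = {"alice": b"alice-device-key"}  # assumed: shared only with a device the user holds

def login(username, password):
    """Authenticate once and issue a session cookie, as the background describes."""
    if PASSWORDS.get(username) != password:
        return None
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = username
    return sid

def transfer_cookie_only(sid, amount, dest):
    """Weak design: the cookie is the only authorization check, so a stolen cookie moves funds."""
    user = SESSIONS.get(sid)
    if user is None or amount <= 0 or BALANCES[user] < amount:
        return False
    BALANCES[user] -= amount
    return True

def begin_transfer(sid):
    """Server issues a one-time nonce for the transaction the user is about to confirm."""
    user = SESSIONS.get(sid)
    if user is None:
        return None
    nonce = secrets.token_hex(8)
    PENDING[nonce] = user
    return nonce

def confirmation_code(device_secret, nonce, amount, dest):
    """Computed on the user's out-of-band device over the exact parameters shown to the user."""
    return hmac.new(device_secret, f"{nonce}|{amount}|{dest}".encode(), "sha256").hexdigest()

def transfer_with_confirmation(sid, nonce, amount, dest, code):
    """Hardened design: the cookie alone is not enough; a code bound to nonce, amount and
    destination, which only the user's device can produce, must accompany the request."""
    user = SESSIONS.get(sid)
    if user is None or PENDING.get(nonce) != user or amount <= 0 or BALANCES[user] < amount:
        return False
    expected = confirmation_code(DEVICE_SECRETS[user], nonce, amount, dest)
    if not hmac.compare_digest(expected, code):
        return False                             # stolen cookie alone, or MITM-altered parameters
    del PENDING[nonce]                           # one-time use, so an observed code cannot be replayed
    BALANCES[user] -= amount
    return True
```

With the hardened path, a request that presents a valid cookie but no device-produced code, or whose amount or destination was altered in transit after the code was computed, is refused.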