1. Technical Field
The present application relates generally to computer security and anti-phishing measures.
2. Description of the Related Art
Consumers increasingly rely on online web services for personal, financial, and business-related transactions. Access to these online services frequently requires the user to supply credentials, such as a userid and a password. In a common implementation involving a server system providing the online services and a browser client operating on a user communication device, the user enters the userid and password in form fields presented in a webpage displayed by the browser client, and the userid and password are transmitted to the server system, which validates the userid and password against records at the server system to determine whether access to the services should be granted.
A common type of fraud perpetrated in connection with such services provided over the Internet is “phishing”, in which an attacker attempts to gain confidential information, such as the user's credentials, so that the attacker can then access the user's online services. For example, banking services are commonly provided over the Internet through a web portal; users may access the services by providing a userid and password. An attacker who wishes to gain access to a user's bank account and related financial information may create a fraudulent website mimicking the content of a financial institution's legitimate website, including any form fields for entry of user credentials, and then direct the user to the fraudulent website. If the user does not detect that the website is fraudulent, the user may enter his or her userid and password, which are then received by the attacker. The attacker may then use these credentials to access the user's account information using the financial institution's legitimate website.