The Internet enables people across the globe to buy and sell, and interact as never before. Internet activities however, whether involving email, personal information such as credit card details, visiting an e-commerce based website or logging into an online banking system, require effective security and encryption mechanisms to ensure personal data and sensitive information are safe from misappropriation and online fraud. Threats to this security include fraudulent attacks from third parties or programs such as computer viruses, worms, trojan horses and spyware which usually install themselves on a user's computer through deception, and are typically capable of accessing and compromising important data, affecting the performance of the computer and/or monitoring the activities of users.
One means of minimising the chances of damage caused by such threats is to completely isolate the computer from other computers and networks from which such threats may be received. Although this approach may significantly reduce the susceptibility of the computer to an attack or the chances of the computer becoming infected, such an action is clearly impractical for many users as they are severely restricted in their activities.
An alternative approach to dealing with such threats is to install a security firewall and/or antivirus software, which typically run in the background of an operating system, detecting and ideally removing any suspicious processes or software. While such security programs are capable of protecting a computer from the large proportion of threats, a computer will only continue to be protected from such threats if these programs are constantly updated to deal with new viruses and worms being developed everyday. Therefore, if a computer is not protected by effective security programs or these programs are not regularly updated, the computer is potentially left open to attacks from viruses or worms. As the abovementioned threats are typically passed from computer to computer, a compromised computer is not only an issue for its own users, but also users of other computers on the network, such as the Internet, to which the compromised computer may connect.
Another problem with conventional security programs and systems is that the user is left alone in his responsibility to keep the computer safe and infection free. Therefore, a user neglecting to properly protect against relevant threats may have his or her Internet activity monitored and personal information misappropriated. In situations where sensitive information such as bank or credit details are being transmitted, misappropriation of this information could lead to the fraudulent appropriation of funds from the user's financial accounts.
While early attempts at password protection have slowly evolved to more sophisticated systems, virtually all current password protection security systems on the Internet do not guard against fraudulent attacks such as phishing. One example of phishing is where an email is received, supposedly from the bank or institution a user deals with, which requests urgent verification of a user's details to avoid their account being suspended. Clicking on a link within the email typically forwards the user to a mock site which is made to look like the official site of the bank or institution the user is accustomed to and invites the user to enter their login and password. Once these details are in the possession of third parties, they may use the information to gain access to the user's financial accounts or other sensitive information.
These types of online fraud attacks undermine customer confidence and loyalty in an online service provider, the brand value of the bank or other institution, and the trust relationship as a whole in relation to activities and transactions conducted over the Internet.
The firewall and antivirus security programs discussed above are primarily directed at protecting user's from malicious attacks or programs on the computer or network system, rather than from phishing attacks where the dissemination of a user's information occurs via a website to which the user is misdirected by deception. Security applications that do deal with phishing attacks only manage to secure users from known phishing sites by adopting a black list approach. However, new phishing sites and malicious applications are identified everyday and until these threats are verified and placed on a black list, a user's computer is left vulnerable.
Accordingly, it is an object of the present invention to provide a means of securing communications across a network from security threats that may be present on the user's computer, or that may be transmitted from a compromised computer within a network.
It is a further object of the present invention to provide a means of protecting against security threats or websites to which the user is fraudulently directed.
Any discussion of documents, devices, acts or knowledge in this specification is included to explain the context of the invention. It should not be taken as an admission that any of the material formed part of the prior art base or the common general knowledge in the relevant art on or before the priority date of the claim herein.