Web sites, such as Internet sites, often provide information, products, services, and the like to their users. Many web sites require users to register before their web servers will grant access to the users. During registration, a user typically supplies personal information such as a username, account number, address, telephone number, e-mail address, computer platform, age, gender, and/or hobbies to the registering web site. The registration information may be necessary to complete transactions (e.g., commercial or financial transactions). When registering a user for the first time, a web site typically requests that the user select a login identifier, or login ID, and an associated password. The login ID allows the web site to identify the user and retrieve information about the user during subsequent user visits to the web site. Generally, the login ID must be unique to the web site such that no two users have the same login ID. The combination of the login ID and the password associated with it allows the web site to authenticate the user during subsequent visits to the web site.
Although presently available user authentication systems permit a web user to enter a login ID and associated password to access a web server or service, further improvements are desired. When a user on a client computer communicates with a server computer such as a web site via, for example, the hypertext transfer protocol (HTTP), there is often a need to share authentication information between the client and the server. Transactional communications between a client computer and a server computer are at risk of interception by a third party. For example, there is a risk of a spoofing attack. A spoofing attack is an attack that attempts to con one or more users into making security decisions based on a misleading context. This is often in the form of a single web page interface, but can be as involved as an entire website (or several websites). This type of attack is especially dangerous because the user is lulled into a false sense of security within a context that is completely controlled by an attacker. The goal of an attacker can range from communicating misleading information to compromising security credentials and other personal information of users. There have been high-profile attacks against existing web sites in which user profile data and financial information have been compromised.
Web spoofing poses a threat to both businesses and end users as authentication through web pages becomes more pervasive. Authentication systems play a critical role in enabling products and services. Web spoofing attacks designed to capture credentials (e.g., spoofed sign-in modules) not only compromise individual user accounts, but also compromise the security of the entire authentication system. Any web spoofing attack on an authentication service decreases the trustworthiness of the authentication service. There is a need for a tool to detect spoofed sign-in modules and other fraudulent authentication forms.
Existing methods of spoof detection primarily require human intervention to identify spoofing attempts. For example, one manual process includes a savvy user reporting a suspicious web page to the authentication system. An incident response team associated with the authentication system investigates the problem by viewing the suspicious web page and taking action based on the investigation. Such existing methods are time consuming, expensive, and typically identify spoofing attempts only after such attempts have successfully fooled one or more users.
For these reasons, a system for distinctively marking authentication forms and preemptively searching for and detecting unauthorized authentication forms is desired to address one or more of these and other disadvantages.
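As an added example (not part of the patent text) of the preemptive detection the preceding paragraph calls for, the following Python scans fetched HTML for sign-in forms that carry an assumed distinctive marker (a hidden input named FORM_MARKER) and flags any such form served from a host outside the authentication service's AUTHORIZED_HOSTS. The marker name, host names and sample pages are all constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed marker: the genuine sign-in module embeds a hidden field with this
# name. Marker and host list are hypothetical values for this example.
FORM_MARKER = "authsvc-form-id"
AUTHORIZED_HOSTS = {"login.example-auth.test"}


class FormCollector(HTMLParser):
    """Collect each <form> with its action and the names of its inputs."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action", ""), "inputs": set()}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["inputs"].add(a.get("name", ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def find_suspect_forms(page_url, html):
    """Return actions of marked sign-in forms served from an unauthorized host."""
    host = urlparse(page_url).hostname or ""
    if host in AUTHORIZED_HOSTS:
        return []
    parser = FormCollector()
    parser.feed(html)
    return [f["action"] for f in parser.forms if FORM_MARKER in f["inputs"]]


# Constructed sample pages: the genuine module, and a copy on another host.
GENUINE = ("https://login.example-auth.test/signin",
           '<form action="/signin" method="post">'
           '<input type="hidden" name="authsvc-form-id" value="v2">'
           '<input name="user"><input type="password" name="pass"></form>')
COPIED = ("http://deals.example-shop.test/login.html",
          '<form action="http://deals.example-shop.test/collect.php" method="post">'
          '<input type="hidden" name="authsvc-form-id" value="v2">'
          '<input name="user"><input type="password" name="pass"></form>')

if __name__ == "__main__":
    for url, body in (GENUINE, COPIED):
        print(url, "->", find_suspect_forms(url, body))
```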