The invention relates to computer security systems and methods, and in particular to systems and methods for detecting online fraud, e.g., fraudulent webpages.
The rapid development of electronic communications, online commerce, and services such as online banking commerce has been accompanied by a rise in electronic crime. Internet fraud, especially in the form of phishing and identity theft, has been posing an increasing threat to Internet users worldwide. Sensitive identity information and credit card details obtained fraudulently by international criminal networks operating on the Internet are used to fund various online transactions, and/or are further sold to third parties. Besides direct financial damage to individuals, Internet fraud also causes a range of unwanted side effects, such as increased security costs for companies, higher retail prices and banking fees, declining stock values, lower wages and decreased tax revenue.
In an exemplary phishing attempt, a fake website masquerades as a genuine webpage belonging to an online retailer or a financial institution, inviting the user to enter some personal information (e.g., username, password) and/or financial information (e.g. credit card number, account number, security code). Once the information is submitted by the unsuspecting user, it may be harvested by the fake website. Additionally, the user may be directed to another webpage which may install malicious software on the user's computer. The malicious software (e.g., viruses, Trojans) may continue to steal personal information by recording the keys pressed by the user while visiting certain webpages, and may transform the user's computer into a platform for launching other malicious attacks.
Software running on an Internet user's computer system may be used to identify fraudulent web documents and to issue a warning and/or block access to such documents. Several approaches have been proposed for identifying fraudulent webpages. Exemplary strategies include matching a webpage's address to a list of known fraudulent and/or trusted addresses (techniques termed black- and white-listing, respectively). To avoid such detection, fraudsters frequently change the address of their websites.
There is a persisting interest in developing methods to detect and prevent online fraud, and especially methods able to perform proactive detection.