Prevention of credential phishing based upon login behavior analysis

摘要

A system is implemented in browser plug-in software or in endpoint agent software on a user computer. The user accesses a Web site and fills in a login request form and submits it to the Web site. The system triggers a “forgot password” feature and detects a phishing Web site by determining that it does not send a reset link to a valid user e-mail address, or, the system detects a phishing Web site by determining that it does send a reset link to an invalid e-mail address. Or, the system detects a phishing Web site by determining that it sends a reset link to a user e-mail address from a domain different from the domain of a login request form. Or, the system fills in an incorrect account name or password in a login request form and detects a phishing Web site by determining that the Web site does not indicate that the incorrect user name or incorrect password are incorrect. Or, the system submits incorrect credentials and detects a phishing Web site by determining that the Web site does not implement any way to reset the account name or password.