CN105635044B - Information synchronization method and device - Google Patents

Information synchronization method and device Download PDF

Info

Publication number
CN105635044B
CN105635044B CN201410588348.7A CN201410588348A CN105635044B CN 105635044 B CN105635044 B CN 105635044B CN 201410588348 A CN201410588348 A CN 201410588348A CN 105635044 B CN105635044 B CN 105635044B
Authority
CN
China
Prior art keywords
account
malicious
suspected
suspected malicious
fraud
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410588348.7A
Other languages
Chinese (zh)
Other versions
CN105635044A (en
Inventor
周进
林耀城
赵子轩
柯向荣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201410588348.7A priority Critical patent/CN105635044B/en
Publication of CN105635044A publication Critical patent/CN105635044A/en
Application granted granted Critical
Publication of CN105635044B publication Critical patent/CN105635044B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The embodiment of the invention discloses an information synchronization method, which comprises the following steps: receiving a report request aiming at a suspected malicious fraud account sent by terminal equipment; judging whether the suspected malicious fraud account is a malicious fraud account; if the account number is judged to be the suspected malicious fraudulent account number, the suspected malicious fraudulent account number is synchronized to an enterprise security server of a corresponding type according to the account number type of the suspected malicious fraudulent account number. The embodiment of the invention also discloses information synchronization equipment. By implementing the embodiment of the invention, the synchronization of the malicious fraudulent account information can be realized among Internet enterprises, and the success rate of judging the malicious fraudulent account is improved.

Description

Information synchronization method and device
Technical Field
The present invention relates to the field of internet technologies, and in particular, to an information synchronization method and device.
Background
With the rapid development of internet technology, the internet application environment is increasingly complex, and the number of malicious fraudulent events occurring in the internet is also increasing.
At present, for malicious fraud events, various internet enterprises, such as telephone operators, mailbox enterprises, bank enterprises and the like, provide respective malicious fraud account reporting functions, that is, when a user encounters malicious fraud in the process of using the internet, the malicious fraud account reporting function can be used for reporting the malicious fraud account to a security server of the corresponding internet enterprise. For example, if a user receives a malicious and fraudulent mail sent by a mailbox account in the process of using the internet, the user may report the mailbox account to the security server of the mailbox enterprise through a malicious and fraudulent account reporting function provided by the mailbox enterprise.
However, practice shows that statistical data obtained by the security server of each internet enterprise through the provided malicious fraudulent account reporting function is only used inside each enterprise and cannot be shared with other enterprises in time, so that when the security server queries suspected malicious fraudulent accounts, some malicious fraudulent accounts are mistaken as security accounts because the data in the malicious fraudulent account information base is not comprehensive enough.
Disclosure of Invention
The embodiment of the invention discloses an information synchronization method and equipment, which can realize the synchronization of malicious fraudulent account information among Internet enterprises and improve the judgment success rate of malicious fraudulent account numbers.
The first aspect of the embodiments of the present invention discloses an information synchronization method, including:
receiving a report request aiming at a suspected malicious fraud account sent by terminal equipment;
judging whether the suspected malicious fraud account is a malicious fraud account;
if the account number is judged to be the suspected malicious fraudulent account number, the suspected malicious fraudulent account number is synchronized to an enterprise security server of a corresponding type according to the account number type of the suspected malicious fraudulent account number.
A second aspect of the embodiments of the present invention discloses an information synchronization apparatus, including:
the first receiving module is used for receiving a reporting request aiming at a suspected malicious fraud account sent by terminal equipment;
the first judgment module is used for judging whether the suspected malicious fraud account is a malicious fraud account;
and the synchronization module is used for synchronizing the suspected malicious fraud account to the enterprise security server of the corresponding type according to the account type of the suspected malicious fraud account when the first judgment module judges that the account type is positive.
The embodiment of the invention has the following beneficial effects:
as can be seen from the above description, in the technical scheme provided in the embodiment of the present invention, by receiving a report request for a suspected malicious fraudulent account sent by a terminal device, and determining whether the suspected malicious fraudulent account is a malicious fraudulent account, and further synchronizing the suspected malicious fraudulent account to an enterprise security server of a corresponding type according to the account type of the suspected malicious fraudulent account when the determination result is yes, synchronization of malicious fraudulent account information is implemented between internet enterprises, and the success rate of determining the malicious fraudulent account is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed for the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
Fig. 1 is a schematic flowchart of an information synchronization method according to an embodiment of the present invention;
fig. 2 is a schematic flowchart of another information synchronization method according to an embodiment of the present invention;
FIG. 3 is a schematic flow chart of another information synchronization method according to an embodiment of the present invention;
fig. 3A is a schematic diagram of a Web page for submitting a report request according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an information synchronization apparatus according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of another information synchronization apparatus according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of another information synchronization apparatus according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of another information synchronization apparatus according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of another information synchronization apparatus according to an embodiment of the present invention;
fig. 9 is a schematic structural diagram of another information synchronization apparatus according to an embodiment of the present invention;
fig. 10 is a schematic structural diagram of another information synchronization apparatus according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, a schematic flow chart of an information synchronization method provided in an embodiment of the present invention may include the following steps:
step 101, receiving a report request for a suspected malicious fraud account sent by a terminal device.
In the embodiment of the present invention, the method may be applied to a server, where the server may be a hardware-implemented server, such as a server, or a software-implemented server, such as a service system. For convenience of description, the embodiment of the present invention takes a server as an example. It should be noted that the embodiments of the present invention are not limited to be applied in a server, and any device, apparatus, or system that can implement the embodiments of the present invention is within the scope of the embodiments of the present invention.
In the embodiment of the present invention, the terminal device may include a computer, a smart phone, a tablet computer, and the like, and the embodiment of the present invention is not particularly limited.
As an alternative embodiment, the suspected malicious fraudulent account may be a suspicious account discovered by the user during the internet usage.
For example, if a user finds that an account issues malicious fraud information when accessing the internet through a terminal device, such as QQ chat, sending and receiving an email, and the like, the account may be considered as a suspected malicious fraud account, and a report request for the suspected malicious fraud account is sent to a server.
As another optional implementation manner, the suspected malicious fraudulent account may be a suspicious account determined to be a malicious fraudulent account according to an existing procedure.
For example, taking an example that a user sends and receives an email through a terminal device, assuming that the user finds that information issued by a certain mailbox account may be malicious fraud information, the mailbox account may be reported to a corresponding mailbox enterprise, and if the mailbox enterprise determines that the mailbox account is a malicious fraud account through a specific mechanism, the mailbox enterprise may send a report request for the mailbox account to a server.
And 102, judging whether the suspected malicious fraudulent account is a malicious fraudulent account.
In the embodiment of the invention, when the server receives a report request for a suspected malicious fraud account sent by the terminal device, the server can acquire the preset parameters of the suspected malicious fraud account according to the account type of the malicious fraud account, and judge whether the suspected malicious fraud account is a malicious fraud account according to the preset parameters of the suspected malicious fraud account.
In the embodiment of the present invention, the preset parameters may include, but are not limited to, one or more of the following:
credit information, reported times, off-site information of the account number, and transaction records of the account number.
For example, if the suspected malicious fraud account reported is a QQ number, the preset parameters of the suspected malicious fraud account may be the number of times the QQ number is reported, the log-in information of the QQ number in different places, and the like.
For another example, if the suspected malicious fraudulent account number reported is a bank account number, the preset parameters of the suspected malicious fraudulent account number may be credit information of the bank account number, the reported times of the bank account number, and a transaction record of the bank account number, for example, whether the transferred-in funds are frequently received from different account numbers or not, and the transferred-in funds are transferred out in a short time.
And 103, if the account number is judged to be the suspected malicious fraudulent account number, synchronizing the suspected malicious fraudulent account number to the enterprise security server of the corresponding type according to the account number type of the suspected malicious fraudulent account number.
In the embodiment of the invention, when the server judges that the reported suspected malicious fraud account is a malicious fraud account, the server can synchronize the suspected malicious fraud account to the enterprise security server of a corresponding type according to the account type of the suspected malicious fraud account, for example, a mobile phone number is synchronized to a security server of a telecom operator, a bank card number is synchronized to a security server of a bank enterprise, and the like.
For example, taking a suspected malicious fraudulent account number as a bank card number as an example, assuming that after the server obtains the credit information, the reported times and the transaction record of the bank card number, it finds that the credit information of the bank card number is poor, the reported times exceeds a preset threshold, and the number of money transfer-in and transfer-out in the last week exceeds the threshold, the server may determine that the bank card number is a malicious fraudulent account number, and synchronize the bank card number to a security server of a bank enterprise, so that the security server of the bank enterprise performs hit processing on the bank card number, such as account freezing.
In the method flow described in fig. 1, malicious fraudulent account determination is performed on accounts of different account types through a unified server, and data serving as a basis for determination is more comprehensive, so that the success rate of determination can be improved; meanwhile, the account information of the account which is judged to be malicious fraudulent is synchronized to a corresponding security server of the Internet enterprise according to the account type, so that the malicious fraudulent account information synchronization between the Internet enterprises is realized.
As shown in fig. 2, a schematic flow chart of another information synchronization method provided in the embodiment of the present invention may include the following steps:
step 201, receiving a report request aiming at a suspected malicious fraud account sent by terminal equipment; the report request includes user identification information.
As an alternative embodiment, the suspected malicious fraudulent account may be a suspicious account discovered by the user during the internet usage.
For example, if a user finds that an account issues malicious fraud information when accessing the internet through a terminal device, such as QQ chat, sending and receiving an email, and the like, the account may be considered as a suspected malicious fraud account, and a report request for the suspected malicious fraud account is sent to a server.
Correspondingly, in this embodiment, the user identification information included in the report request may be a mobile phone number, a QQ number, a mailbox account, and the like of the user; or a user can register a dedicated account for application with the server.
As another optional implementation manner, the suspected malicious fraudulent account may be a suspicious account determined to be a malicious fraudulent account according to an existing procedure.
For example, taking an example that a user sends and receives an email through a terminal device, assuming that the user finds that information issued by a certain mailbox account may be malicious fraud information, the mailbox account may be reported to a corresponding mailbox enterprise, and if the mailbox enterprise determines that the mailbox account is a malicious fraud account through a specific mechanism, the mailbox enterprise may send a report request for the mailbox account to a server.
Accordingly, in this embodiment, the user identifier included in the report request may be an enterprise mailbox, an enterprise QQ number, or an enterprise ID applied by the enterprise to the server.
Step 202, judging whether the suspected malicious fraudulent account is a malicious fraudulent account. If yes, go to step 203; otherwise, go to step 204.
In the embodiment of the invention, when the server receives a report request for a suspected malicious fraud account sent by the terminal device, the server can acquire the preset parameters of the suspected malicious fraud account according to the account type of the malicious fraud account, and judge whether the suspected malicious fraud account is a malicious fraud account according to the preset parameters of the suspected malicious fraud account.
In the embodiment of the present invention, the preset parameters may include, but are not limited to, one or more of the following:
credit information, reported times, off-site information of the account number, and transaction records of the account number.
For example, if the suspected malicious fraud account reported is a QQ number, the preset parameters of the suspected malicious fraud account may be the number of times the QQ number is reported, the log-in information of the QQ number in different places, and the like.
For another example, if the suspected malicious fraudulent account number reported is a bank account number, the preset parameters of the suspected malicious fraudulent account number may be credit information of the bank account number, the reported times of the bank account number, and a transaction record of the bank account number, for example, whether the transferred-in funds are frequently received from different account numbers or not, and the transferred-in funds are transferred out in a short time.
And step 203, synchronizing the suspected malicious fraudulent account to an enterprise security server of a corresponding type according to the account type of the suspected malicious fraudulent account.
In the embodiment of the invention, when the server judges that the reported suspected malicious fraud account is a malicious fraud account, the server can synchronize the suspected malicious fraud account to the enterprise security server of a corresponding type according to the account type of the suspected malicious fraud account, for example, a mobile phone number is synchronized to a security server of a telecom operator, a bank card number is synchronized to a security server of a bank enterprise, and the like.
For example, taking a suspected malicious fraudulent account number as a bank card number as an example, assuming that after the server obtains the credit information, the reported times and the transaction record of the bank card number, it finds that the credit information of the bank card number is poor, the reported times exceeds a preset threshold, and the number of money transfer-in and transfer-out in the last week exceeds the threshold, the server may determine that the bank card number is a malicious fraudulent account number, and synchronize the bank card number to a security server of a bank enterprise, so that the security server of the bank enterprise performs hit processing on the bank card number, such as account freezing.
And step 204, returning a report failure response message according to the user identification information included in the report request.
In the embodiment of the invention, when the server judges that the reported suspected malicious fraud account is not a malicious fraud account, a report failure response message can be returned according to the user identification information included in the report request, and a reporter is informed in time. After receiving the report failure response message, the reporter can perform secondary processing according to the actual situation, for example, reporting again, and provide an additional evidence file.
For example, assuming that the user identification information included in the report request is a mailbox account, when the server determines that the suspected malicious fraudulent account is not a malicious fraudulent account, the server may send a mail to the mailbox account to notify the reporter that the suspected malicious fraudulent account is not a malicious fraudulent account. After the reporter receives the mail, if the suspected malicious account is considered as a malicious account, the reporter can report for the second time and provide an additional evidence file during reporting.
In the method flow described in fig. 2, after the server determines that the suspected malicious fraudulent account is not a malicious fraudulent account, the server may notify the reporter, so that the reporter performs secondary processing according to actual conditions, thereby enhancing interactivity between the system and the user, and improving reporting enthusiasm of the user.
As shown in fig. 3, a schematic flow chart of another information synchronization method provided in the embodiment of the present invention may include the following steps:
step 301, receiving a reporting request for a suspected malicious fraud account sent by a terminal device, where the reporting request includes user identification information and an evidence file.
As an alternative embodiment, the suspected malicious fraudulent account may be a suspicious account discovered by the user during the internet usage.
For example, if a user finds that an account issues malicious fraud information when accessing the internet through a terminal device, such as QQ chat, sending and receiving an email, and the like, the account may be considered as a suspected malicious fraud account, and a report request for the suspected malicious fraud account is sent to a server.
Correspondingly, in this embodiment, the user identification information included in the report request may be a mobile phone number, a QQ number, a mailbox account, and the like of the user; or a user can register a dedicated account for application with the server.
As another optional implementation manner, the suspected malicious fraudulent account may be a suspicious account determined to be a malicious fraudulent account according to an existing procedure.
For example, taking an example that a user sends and receives an email through a terminal device, assuming that the user finds that information issued by a certain mailbox account may be malicious fraud information, the mailbox account may be reported to a corresponding mailbox enterprise, and if the mailbox enterprise determines that the mailbox account is a malicious fraud account through a specific mechanism, the mailbox enterprise may send a report request for the mailbox account to a server.
Accordingly, in this embodiment, the user identifier included in the report request may be an enterprise mailbox, an enterprise QQ number, or an enterprise ID applied by the enterprise to the server.
In the embodiment of the invention, the evidence file can be a screenshot of malicious information issued by a suspected malicious account.
In the embodiment of the invention, the report request sent by the reporter to the server can be realized based on a Web mode, namely, the reporter can log in a Web site of a system, upload suspected malicious fraud account numbers, provide related evidence files and submit the evidence files to the server for auditing. The Web page for reporting an account according to the embodiment of the present invention may be as shown in fig. 3A.
Step 302, obtaining preset parameters of the suspected malicious account according to the account type of the suspected malicious account.
In the embodiment of the present invention, the preset parameters may include, but are not limited to, one or more of the following:
credit information, reported times, off-site information of the account number, and transaction records of the account number.
For example, if the suspected malicious fraud account reported is a QQ number, the preset parameters of the suspected malicious fraud account may be the number of times the QQ number is reported, the log-in information of the QQ number in different places, and the like.
For another example, if the suspected malicious fraudulent account number reported is a bank account number, the preset parameters of the suspected malicious fraudulent account number may be credit information of the bank account number, the reported times of the bank account number, and a transaction record of the bank account number, for example, whether the transferred-in funds are frequently received from different account numbers or not, and the transferred-in funds are transferred out in a short time.
And step 303, judging whether the suspected malicious fraud account is a malicious fraud account according to preset parameters of the suspected malicious fraud account and the evidence file. If yes, go to step 304; otherwise, go to step 305.
In the embodiment of the invention, after the server acquires the preset parameters corresponding to the suspected malicious fraud account, whether the suspected malicious fraud account is a malicious fraud account can be judged according to the preset parameters and the evidence file included in the report request.
For example, the server may determine the malicious value of a suspected malicious fraudulent account number by the following formula:
Evil(p)=dim1*pro1+dim2*pro2+......+dimn*pron
wherein Evi (p) is the malicious value of suspected malicious fraudulent account number, dim1,dim2,...,dimnFor the malicious value of each dimension (credit, reported times, off-site information, transaction record, evidence file, etc.) of the suspected malicious fraud account, pro is the judgment weight of different dimensions, and pro1+pro2+...+pron=1。
Taking a suspected malicious fraud account as a QQ account as an example, dim1 may be a malicious value corresponding to the reported times of the QQ account; dim2 may be a malicious value corresponding to the number of remote logins of the QQ account in the last month; dim3 may be a malicious value corresponding to the value of the transaction involved with the QQ account; dim4 may be a malicious value corresponding to the evidence file provided by the reporter when reporting the QQ account.
Correspondingly, in this embodiment, a determination method for setting malicious values of each dimension of a suspected malicious account in advance is required, for example, for a QQ number, when the number of times of reporting is 1 to 10 times, the malicious value is 1, and when the number of times of reporting is 20 to 50 times, the malicious value is 2.; when the number of remote login times in the last month is 1-5, the malicious value is 1, and when the number of remote login times in the last month is 5-10, the malicious value is 2.; when the value of the related transaction is 200-500, the malicious value is 1, and when the value of the related transaction is 500-2000, the malicious value is 2; when the evidence file relates to erotic violence information, its malicious value is 1, when the evidence file relates to economic information, its malicious value is 2.
Based on the setting, after the server acquires the preset parameters of the suspected malicious fraudulent account, the server can determine the malicious value of the suspected malicious fraudulent account according to the preset parameters of the suspected malicious fraudulent account and the evidence file, judge whether the malicious value is greater than a threshold value (which can be set according to actual conditions, such as 1.5), and when the judgment is yes, judge that the suspected malicious fraudulent account is the malicious fraudulent account; otherwise, judging that the suspected malicious fraudulent account is not a malicious fraudulent account.
In the embodiment of the present invention, when the reporting request includes an evidence file, the server may further determine whether the evidence file includes an account of a preset account type, and if so, extract the account of the preset type included in the evidence file, further determine whether the account is a malicious fraudulent account, and synchronize the account to the corresponding security server according to the type of the account when determining that the account is the malicious fraudulent account, so that the corresponding security server attacks the account, for example, seals the account.
The preset account type at least includes one or more of the following types:
QQ account number, cell phone number, bank card number, mailbox account number, etc.
For example, assume that a suspected malicious fraudulent account reported by a reporter is a QQ account, and its evidence file is a screenshot of malicious information issued by the QQ account. Assuming that the malicious information is "please transfer the tenancy to the following account, and the contact phone, the server determines that the evidence file includes the bank account and the mobile phone number, so as to extract the bank account and the mobile phone number included in the evidence file, and determine whether the bank account and the mobile phone number are malicious fraudulent accounts.
And step 304, synchronizing the suspected malicious fraudulent account to an enterprise security server of a corresponding type according to the account type of the suspected malicious fraudulent account.
In the embodiment of the invention, when the server judges that the reported suspected malicious fraud account is a malicious fraud account, the server can synchronize the suspected malicious fraud account to the enterprise security server of a corresponding type according to the account type of the suspected malicious fraud account, for example, a mobile phone number is synchronized to a security server of a telecom operator, a bank card number is synchronized to a security server of a bank enterprise, and the like.
For example, taking suspected malicious fraud account as a bank card number as an example, assuming that after the server obtains the credit information, the reported times and the transaction record of the bank card number, it finds that the credit information of the bank card number is poor, the reported times exceeds a preset threshold, and the number of money transfer-in and transfer-out in the last week exceeds the threshold, the server may determine that the bank card number is a malicious fraud account, and synchronize the bank card number to the security server of the bank enterprise, so that the security server of the bank enterprise performs attack processing on the bank card number, such as account freezing, number sealing processing (which may include permanent sealing, secret-changing unsealable number, time sealing number, and the like), and the like.
In the embodiment of the invention, when the server judges that the suspected malicious fraudulent account is the malicious fraudulent account, the server can synchronize the suspected malicious fraudulent account to the corresponding security server according to the account type of the suspected malicious fraudulent account, and can also synchronize the suspected malicious fraudulent account to the public security agency, and the public security agency attacks the malicious fraudulent account.
Further, in the embodiment of the present invention, for an account determined as a malicious fraudulent account, the server itself may perform attack processing on the account according to a preset policy, such as account freezing, number sealing processing (which may include permanent number sealing, seal-changing removable number sealing, time number sealing, and the like).
The attack processing of the server on the malicious fraudulent account needs to obtain authorization of a corresponding internet enterprise, for example, for a mobile phone number, if the server obtains authorization of a related telecom operator, the mobile phone number can be stopped after the mobile phone number is judged to be the malicious fraudulent account; or for the bank account, after the server obtains the authorization of the related bank enterprise, the server can perform account freezing processing on a certain bank account after judging that the bank account is a malicious fraudulent account, so that the server can be ensured to perform attack processing on the malicious fraudulent account in time when finding the malicious fraudulent account, and the attack efficiency of the malicious fraudulent account is improved.
And 305, returning a report failure response message according to the user identification information included in the report request.
In the embodiment of the invention, when the server judges that the reported suspected malicious fraud account is not a malicious fraud account, a report failure response message can be returned according to the user identification information included in the report request, and a reporter is informed in time. After receiving the report failure response message, the reporter can perform secondary processing according to the actual situation, for example, reporting again, and provide an additional evidence file.
For example, assuming that the user identification information included in the report request is a mailbox account, when the server determines that the suspected malicious fraudulent account is not a malicious fraudulent account, the server may send a mail to the mailbox account to notify the reporter that the suspected malicious fraudulent account is not a malicious fraudulent account. After the reporter receives the mail, if the suspected malicious account is considered as a malicious account, the reporter can report for the second time and provide an additional evidence file during reporting.
In the method flow described in fig. 3, multi-dimensional malicious determination is performed on the suspected malicious account according to the preset parameters corresponding to the account type of the suspected malicious account and the evidence file included in the report request, so that the success rate of determining the malicious account is improved.
Further, in the technical solution provided in the embodiment of the present invention, after the server synchronizes the suspected fraudulent account to the enterprise security server of the corresponding type, the enterprise security server may synchronize the hit processing result for the suspected malicious fraudulent account to the server, so that when the server receives the report request for the suspected malicious fraudulent account sent by the terminal device again, the server returns the hit processing result for the suspected malicious fraudulent account to the terminal device, that is, in the step 304, after the suspected malicious fraudulent account is synchronized to the enterprise security server of the corresponding type according to the account type of the suspected malicious fraudulent account, the following steps may also be included:
step 11), receiving a striking processing result for the suspected malicious fraud account returned by the enterprise security server;
and step 12), when a report request aiming at the suspected malicious fraud account sent by the terminal equipment is received, returning a striking processing result aiming at the suspected malicious fraud account to the terminal equipment.
For example, if the server determines that the bank account a is a malicious fraudulent account, the server may synchronize the bank account a with a security server of a banking enterprise; after receiving the synchronization information, the security server of the banking enterprise may perform account freezing processing on the bank account a, and return a processing result to the server, and when the server receives a report request of the terminal device for the bank account a again, the server may send a prompt message to the terminal device, where the prompt message may include that "the bank account a is a malicious fraudulent account and the account is frozen", so as to alert a user of the terminal device.
As can be seen from the above description, in the technical scheme provided in the embodiment of the present invention, by receiving a report request for a suspected malicious fraudulent account sent by a terminal device, and determining whether the suspected malicious fraudulent account is a malicious fraudulent account, and further synchronizing the suspected malicious fraudulent account to an enterprise security server of a corresponding type according to the account type of the suspected malicious fraudulent account when the determination result is yes, synchronization of malicious fraudulent account information is implemented between internet enterprises, and the success rate of determining the malicious fraudulent account is improved.
Based on the same technical concept of the method embodiments, the embodiments of the present invention further provide an information synchronization apparatus, which can be applied to the method embodiments.
As shown in fig. 4, a schematic structural diagram of an information synchronization apparatus provided in an embodiment of the present invention may include:
a first receiving module 401, configured to receive a report request for a suspected malicious fraud account sent by a terminal device;
a first determining module 402, configured to determine whether the suspected malicious fraudulent account is a malicious fraudulent account;
a synchronizing module 403, configured to synchronize the suspected malicious fraudulent account with an enterprise security server of a corresponding type according to the account type of the suspected malicious fraudulent account when the first determining module 402 determines that the account type is the true type.
In an alternative embodiment, the report request may include user identification information;
accordingly, referring to fig. 5, fig. 5 is a schematic structural diagram of another information synchronization apparatus according to an embodiment of the present invention. Wherein, the information synchronization apparatus shown in fig. 5 is obtained by optimizing the information synchronization apparatus shown in fig. 4, and compared with the information synchronization apparatus shown in fig. 4, the information synchronization apparatus shown in fig. 5 may further include:
a response module 404, configured to, when the first determining module 402 determines that the user identifier is not the user identifier, return a report failure response message according to the user identifier.
Referring to fig. 6, fig. 6 is a schematic structural diagram of another information synchronization apparatus according to an embodiment of the present invention. Wherein, the information synchronization apparatus shown in fig. 6 is obtained by optimizing the information synchronization apparatus shown in fig. 4, and compared with the information synchronization apparatus shown in fig. 4, in the information synchronization apparatus shown in fig. 6, the first determining module 402 may include:
an obtaining unit 4021, configured to obtain preset parameters of the suspected malicious fraudulent account according to the account type of the suspected malicious fraudulent account;
the determining unit 4022 is configured to determine whether the suspected malicious fraudulent account is a malicious fraudulent account according to the preset parameters of the suspected malicious fraudulent account.
Wherein the preset parameters include one or more of:
credit information, reported times, off-site information of the account number, and transaction records of the account number.
In an alternative embodiment, the reporting request may include an evidence file;
correspondingly, the determining unit 4022 may be specifically configured to determine whether the suspected malicious fraudulent account is a malicious fraudulent account according to the preset parameters of the suspected malicious fraudulent account and the evidence file.
Referring to fig. 7, fig. 7 is a schematic structural diagram of another information synchronization apparatus according to an embodiment of the present invention. Wherein, the information synchronization apparatus shown in fig. 7 is obtained by optimizing the information synchronization apparatus shown in fig. 6, and compared with the information synchronization apparatus shown in fig. 6, the information synchronization apparatus shown in fig. 7 may further include:
a second judging module 405, configured to judge whether the evidence file includes an account of a preset account type;
an extracting module 406, configured to extract an account of the preset account type included in the evidence file when the second determining module 405 determines that the evidence file is positive;
correspondingly, the first determining module 402 may be further configured to determine whether the account is a malicious and fraudulent account;
the synchronization module 403 may be further configured to synchronize the account to a corresponding security server when the first determining module determines that the account is a malicious fraudulent account.
Wherein the preset account number type includes one or more of:
QQ account number, mobile phone number, bank card number and mailbox account number.
Referring to fig. 8, fig. 8 is a schematic structural diagram of another information synchronization apparatus according to an embodiment of the present invention. Wherein, the information synchronization apparatus shown in fig. 8 is obtained by optimizing the information synchronization apparatus shown in fig. 4, and compared with the information synchronization apparatus shown in fig. 4, the information synchronization apparatus shown in fig. 8 may further include:
and the processing module 407 is configured to, when the first determining module 402 determines that the account is a suspected malicious account, perform attack processing on the suspected malicious account according to a preset policy.
Referring to fig. 9, fig. 9 is a schematic structural diagram of another information synchronization apparatus according to an embodiment of the present invention. Wherein, the information synchronization apparatus shown in fig. 9 is obtained by optimizing the information synchronization apparatus shown in fig. 4, and compared with the information synchronization apparatus shown in fig. 4, the information synchronization apparatus shown in fig. 9 may further include:
a second receiving module 408, configured to receive a hit processing result for the suspected malicious fraud account returned by the enterprise security server;
a sending module 409, configured to return a hit processing result for the suspected malicious fraudulent account to the terminal device when the device receives a report request for the suspected malicious fraudulent account sent by the terminal device.
Fig. 10 is a schematic structural diagram of another information synchronization apparatus provided in the embodiment of the present invention. As shown in fig. 10, the information synchronization apparatus includes: at least one processor 1001, such as a CPU, input output devices 1003, memory 1004, at least one communication bus 1002. Wherein a communication bus 1002 is used to enable connective communication between these components. The memory 1004 may be a high-speed RAM memory or a non-volatile memory (e.g., at least one disk memory). The memory 1004 may optionally be at least one storage device located remotely from the processor 1001. Wherein the memory 1004 stores a set of program codes therein, and the processor 1001 calls the program codes stored in the memory 1004 for performing the following operations:
receiving a report request for a suspected malicious fraud account sent by a terminal device through an input/output device 1003;
judging whether the suspected malicious fraud account is a malicious fraud account;
if the account number is judged to be the suspected malicious fraudulent account number, the suspected malicious fraudulent account number is synchronized to the corresponding security server through the input and output device 1003 according to the account number type of the suspected malicious fraudulent account number.
In an optional embodiment, the report request includes user identification information;
accordingly, after the processor 1001 calls the program code stored in the memory 1004 to determine whether the suspected malicious fraudulent account is a malicious fraudulent account, the following operations may be further performed:
if not, a failure report response message is returned via the input/output device 1003 according to the user identification information.
In an optional embodiment, the step of calling the program code stored in the memory 1004 by the processor 1001 to determine whether the suspected malicious fraudulent account is a malicious fraudulent account may specifically include:
acquiring preset parameters of the suspected malicious fraud account according to the account type of the suspected malicious fraud account;
and judging whether the suspected malicious fraud account is a malicious fraud account according to the preset parameters of the suspected malicious fraud account.
In alternative embodiments, the preset parameters include one or more of the following:
credit information, reported times, off-site information of the account number, and transaction records of the account number.
In an alternative embodiment, the reporting request includes an evidence file;
correspondingly, the step of calling the program code stored in the memory 1004 by the processor 1001 to judge whether the suspected malicious fraudulent account is a malicious fraudulent account according to the preset parameter of the suspected malicious fraudulent account may specifically include:
and judging whether the suspected malicious fraud account is a malicious fraud account or not according to the preset parameters of the suspected malicious fraud account and the evidence file.
In an alternative embodiment, the processor 1001 invoking program code stored in the memory 1004 may further perform the following operations:
judging whether the evidence file comprises an account of a preset account type;
if the evidence file is judged to be the account, extracting the account of the preset account type included in the evidence file;
judging whether the account is a malicious and fraudulent account;
if yes, the account is synchronized to the corresponding security server through the input/output device 1003 according to the account type of the account.
In an alternative embodiment, the preset account types include one or more of:
QQ account number, mobile phone number, bank card number and mailbox account number.
In an alternative embodiment, after the processor 1001 calls the program code stored in the memory 1004 to determine whether the suspected malicious fraudulent account is a malicious fraudulent account, the following operations may be further performed:
if the number of the suspected malicious fraud account is judged to be yes, the suspected malicious fraud account is attacked according to a preset strategy.
In an optional embodiment, after the processor 1001 calls the program code stored in the memory 1004 to synchronize the suspected malicious fraudulent account to an enterprise security server of a corresponding type according to the account type of the suspected malicious fraudulent account through the input and output device 1003, the following operations may be further performed:
receiving a hit processing result for the suspected malicious fraud account returned by the enterprise security server through an input/output device 1003;
when a report request for the suspected malicious fraud account sent by the terminal equipment is received through the input/output device 1003, a hit processing result for the suspected malicious fraud account is returned to the terminal equipment through the input/output device 1003.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
The logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc. Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.

Claims (14)

1. An information synchronization method, comprising:
receiving a report request aiming at a suspected malicious fraud account sent by terminal equipment, wherein the suspected malicious fraud account is a suspicious account discovered by a user in the process of using the Internet, and the report request is sent when the terminal equipment detects report operation of the user in a network page; the reporting request comprises an evidence file provided by the user, and the evidence file is a screenshot of malicious information issued by the suspected malicious fraud account;
obtaining preset parameters of the suspected malicious fraud account according to the account type of the suspected malicious fraud account, and determining a malicious value of the suspected malicious fraud account according to the preset parameters of the suspected malicious fraud account and the evidence file;
if the malicious value is larger than a threshold value, determining that the suspected malicious fraud account is a malicious fraud account, and synchronizing the suspected malicious fraud account to an enterprise security server of a corresponding type according to the account type of the suspected malicious fraud account;
judging whether the evidence file comprises an account of a preset account type;
if the account number is judged to be the same as the account number of the preset account number type, extracting the account number of the preset account number type included in the evidence file, wherein the account number of the preset account number type included in the evidence file is different from the suspected malicious fraud account number;
judging whether the account is a malicious and fraudulent account;
and if the account is judged to be a malicious and fraudulent account, synchronizing the account to an enterprise security server of a corresponding type according to the account type of the account.
2. The method of claim 1, wherein the report request includes user identification information; the method further comprises the following steps:
if the malicious value is not greater than the threshold value, determining that the suspected malicious fraudulent account is not a malicious fraudulent account;
and returning a report failure response message according to the user identification information.
3. The method of claim 1, wherein the predetermined parameters include one or more of:
credit information, reported times, off-site information of the account number, and transaction records of the account number.
4. The method of claim 1, wherein the predetermined account type comprises one or more of:
QQ account number, mobile phone number, bank card number and mailbox account number.
5. The method of claim 1, wherein after determining that the suspected malicious fraudulent account is a malicious fraudulent account, further comprising:
and striking the suspected malicious fraud account according to a preset strategy.
6. The method of claim 1, wherein after synchronizing the suspected malicious fraudulent account to a corresponding type of enterprise security server according to the account type of the suspected malicious fraudulent account, the method further comprises:
receiving a striking processing result for the suspected malicious fraud account returned by the enterprise security server;
and when a report request aiming at the suspected malicious fraud account sent by the terminal equipment is received, returning a striking processing result aiming at the suspected malicious fraud account to the terminal equipment.
7. An information synchronization apparatus, characterized by comprising:
the system comprises a first receiving module, a second receiving module and a third receiving module, wherein the first receiving module is used for receiving a report request which is sent by terminal equipment and aims at suspected malicious fraud account numbers, the suspected malicious fraud account numbers are suspicious account numbers discovered by a user in the process of using the Internet, and the report request is sent when the terminal equipment detects report operation of the user in a network page; the reporting request comprises an evidence file provided by the user, and the evidence file is a screenshot of malicious information issued by the suspected malicious fraud account;
the first judgment module is used for acquiring preset parameters of the suspected malicious fraud account according to the account type of the suspected malicious fraud account and determining a malicious value of the suspected malicious fraud account according to the preset parameters of the suspected malicious fraud account and the evidence file;
the first judging module is further configured to determine that the suspected malicious fraudulent account is a malicious fraudulent account if the malicious value is greater than a threshold value;
the synchronization module is used for synchronizing the suspected malicious fraud account to an enterprise security server of a corresponding type according to the account type of the suspected malicious fraud account when the first judgment module judges that the suspected malicious fraud account is a malicious fraud account;
the second judgment module is used for judging whether the evidence file comprises an account of a preset account type;
an extraction module, configured to, when the second determination module determines that the account is a malicious account, extract an account of the preset account type included in the evidence file, where the account of the preset account type included in the evidence file is different from the suspected malicious fraud account;
the first judging module is further used for judging whether the account is a malicious and fraudulent account;
the synchronization module is further used for synchronizing the account to an enterprise security server of a corresponding type according to the account type of the account when the first judgment module judges that the account is a malicious fraudulent account.
8. The device of claim 7, wherein the report request includes user identification information; the first judging module is further configured to determine that the suspected malicious fraudulent account is not a malicious fraudulent account if the malicious value is not greater than the threshold value;
the apparatus further comprises:
and the response module is used for returning a report failure response message according to the user identification information when the first judgment module judges that the suspected malicious fraud account is not a malicious fraud account.
9. The apparatus of claim 7, wherein the preset parameters comprise one or more of:
credit information, reported times, off-site information of the account number, and transaction records of the account number.
10. The device of claim 7, wherein the predetermined account types include one or more of:
QQ account number, mobile phone number, bank card number and mailbox account number.
11. The apparatus of claim 7, wherein the apparatus further comprises:
and the processing module is used for carrying out attack processing on the suspected malicious fraud account according to a preset strategy after the first judging module determines that the suspected malicious fraud account is a malicious fraud account.
12. The apparatus of claim 7, wherein the apparatus further comprises:
the second receiving module is used for receiving a striking processing result for the suspected malicious fraud account returned by the enterprise security server;
and the sending module is used for returning a striking processing result aiming at the suspected malicious fraud account to the terminal equipment when the equipment receives a reporting request aiming at the suspected malicious fraud account sent by the terminal equipment.
13. An information synchronization apparatus, characterized by comprising: the device comprises a processor, an input and output device, a memory and a communication bus; the memory stores a set of program code, and the processor is configured to call the program code to execute the information synchronization method according to any one of claims 1 to 6.
14. A computer-readable medium, characterized in that it stores a set of program code adapted to be loaded by a processor and to execute the method for synchronizing information according to any one of claims 1 to 6.
CN201410588348.7A 2014-10-28 2014-10-28 Information synchronization method and device Active CN105635044B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410588348.7A CN105635044B (en) 2014-10-28 2014-10-28 Information synchronization method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410588348.7A CN105635044B (en) 2014-10-28 2014-10-28 Information synchronization method and device

Publications (2)

Publication Number Publication Date
CN105635044A CN105635044A (en) 2016-06-01
CN105635044B true CN105635044B (en) 2020-06-16

Family

ID=56049550

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410588348.7A Active CN105635044B (en) 2014-10-28 2014-10-28 Information synchronization method and device

Country Status (1)

Country Link
CN (1) CN105635044B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105871937A (en) * 2016-06-24 2016-08-17 北京奇虎科技有限公司 Data processing method, data processing device and data processing system
CN107784575A (en) * 2016-08-29 2018-03-09 腾讯科技(深圳)有限公司 Risk class determines method, transfer operation reminding method, apparatus and system
CN106878309B (en) * 2017-02-21 2021-12-14 腾讯科技(深圳)有限公司 Safety early warning method and device applied to network payment
CN108574623B (en) * 2017-03-10 2021-03-16 中移(杭州)信息技术有限公司 Method and device for determining and preventing junk information by malicious user
CN110503549B (en) * 2019-08-30 2022-05-13 中国工商银行股份有限公司 Data processing method, device, system, electronic equipment and medium
CN111107057B (en) * 2019-11-28 2022-06-14 泰康保险集团股份有限公司 Abnormal user account detection method, device, equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101426257A (en) * 2008-11-21 2009-05-06 中国移动通信集团广东有限公司 Unwell information governing system and method based on mobile communication network
CN101635894A (en) * 2009-08-28 2010-01-27 中兴通讯股份有限公司 Monitoring system, monitoring method and information transmission method for junk information
CN102970362A (en) * 2012-11-15 2013-03-13 北京小米科技有限责任公司 Method and device for sharing cloud data
CN103369486A (en) * 2013-08-01 2013-10-23 上海粱江通信系统股份有限公司 System and method for preventing fraud SMS (Short message Service) message
CN104113466A (en) * 2013-04-17 2014-10-22 腾讯科技(深圳)有限公司 Harassing phone call identification method, client, server and system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101426257A (en) * 2008-11-21 2009-05-06 中国移动通信集团广东有限公司 Unwell information governing system and method based on mobile communication network
CN101635894A (en) * 2009-08-28 2010-01-27 中兴通讯股份有限公司 Monitoring system, monitoring method and information transmission method for junk information
CN102970362A (en) * 2012-11-15 2013-03-13 北京小米科技有限责任公司 Method and device for sharing cloud data
CN104113466A (en) * 2013-04-17 2014-10-22 腾讯科技(深圳)有限公司 Harassing phone call identification method, client, server and system
CN103369486A (en) * 2013-08-01 2013-10-23 上海粱江通信系统股份有限公司 System and method for preventing fraud SMS (Short message Service) message

Also Published As

Publication number Publication date
CN105635044A (en) 2016-06-01

Similar Documents

Publication Publication Date Title
CN105635044B (en) Information synchronization method and device
US11856132B2 (en) Validating automatic number identification data
CN104468249B (en) Account abnormity detection method and device
US10002174B2 (en) System and method for maintaining device state coherency
CN110730195B (en) Data processing method and device and computer readable storage medium
US20200265438A1 (en) Systems and methods for estimating authenticity of local network of device initiating remote transaction
JP6880055B2 (en) Message anti-counterfeiting implementation method and device
CN106507354B (en) Method and device for preventing mobile equipment from being maliciously registered
CN104753675B (en) Information Authentication method, electric paying method, terminal, server and system
CN110033280B (en) Payment anti-shake method and device
CN109344599A (en) A kind of authentication management method, device, terminal and medium
CN106559419A (en) The application and identification method and identification terminal of short message verification code
CN106507352A (en) The website identification method of short message verification code and identification terminal
CN114003904B (en) Information sharing method, device, computer equipment and storage medium
CN107872446B (en) Communication account management method and device and server
CN107040497B (en) Network account anti-theft method and device
CN106571971B (en) Method, device and system for detecting vacant website
CN108848061B (en) User information transmission method and terminal equipment
EP3334086A1 (en) Online authentication method based on smart card, smart card and authentication server
US20150066763A1 (en) Method and apparatus for cross channel monitoring
CN109842587B (en) Method and device for monitoring system safety
WO2020000753A1 (en) Device security monitoring method and apparatus
CN103326892B (en) The operating method and device of web interface
CN116233851A (en) Verification method, device, equipment and medium based on SIM card
CN111127183A (en) Data processing method, device, server and computer readable storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant