CN113630395B - Anti-phishing method, client and system for communication content - Google Patents

Info

Publication number: CN113630395B
Authority: CN (China)
Prior art keywords: information, phishing, user, instant messaging, fishing
Legal status: Active
Application number: CN202110857805.8A
Other languages: Chinese (zh)
Other versions: CN113630395A
Inventors: 杨腾霄, 马宇尘
Current Assignee: Shanghai Newdun Wangan Technology Co ltd
Original Assignee: Shanghai Newdun Wangan Technology Co ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/1483: Countermeasures against malicious traffic; service impersonation, e.g. phishing, pharming or web spoofing
    • H04L51/00: User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/04: Real-time or near real-time messaging, e.g. instant messaging [IM]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses an anti-phishing method, a client and a system for communication content, and relates to the technical field of network security. The anti-phishing method for communication content comprises the steps of: collecting job type or occupation information of an instant messaging user; detecting the instant messaging interaction information between the user and a contact object when the job type or occupation is judged to belong to a preset sensitive job type or occupation type; judging whether the instant messaging interaction information contains phishing-sensitive data; and executing an anti-phishing security action when it is judged to contain phishing-sensitive data. The invention can effectively monitor the instant messaging content of sensitive users, raise users' network security awareness, and prevent users from being deceived by phishing in time.

Description

Anti-phishing method, client and system for communication content
Technical Field
The invention relates to the technical field of network security, in particular to an anti-phishing method, a client and a system for communication content.
Background
Business Email Compromise (BEC) is one of the main forms of malicious fraud worldwide. Fraudsters register domain names that closely resemble that of the customer's organization and send related mail, using social engineering techniques to carry out impersonation and fraud.
In a business email compromise, depending on the scenario, an attacker may impersonate a manager or an internal authority figure of an enterprise, obtain sensitive information about the victim through social engineering, and send a fraudulent business email to a designated target. Unlike plain email spoofing, this kind of email fraud is usually more concealed and is generally aimed at core personnel such as corporate management or finance staff, so it is more targeted, more clearly intended as fraud, and more harmful to the enterprise. This is because the attacker often impersonates a senior manager of the enterprise and issues instructions to lower-level employees in order to obtain confidential business information or to have the employees transfer funds to a fraudulent account. Such fraud is sometimes also referred to as CEO fraud.
Since email is the most direct entry point for business email compromise, the prior art generally applies security filtering to email in order to defend against phishing. However, when a malicious email is not effectively filtered, the prior art offers no further remedy, and a person who receives an email containing phishing information may have weak security awareness or be momentarily careless, and may be successfully phished. For example, after the phishing email succeeds, the finance staff member who received it may, as the email requests, join a corresponding instant messaging chat group (disguised as a work management group, a company management group, a department management group and the like). The fraudsters then interact through the chat group, lure the finance staff and the related cashiers into a carefully designed scam, and induce them to transfer funds to the fraudulent account.
In summary, given the main types of targets of business email fraud and the role that instant messaging interaction plays in the email phishing fraud process, providing a new anti-phishing scheme for communication content is a technical problem to be solved at present.
Disclosure of Invention
The invention aims to provide an anti-phishing method, a client and a system for communication content which, when the user is judged to belong to a sensitive job type or occupation type, detect the instant messaging interaction information between the user and a contact object to judge whether it contains phishing-sensitive data, and execute a corresponding anti-phishing security action when it does. The invention can effectively monitor the instant messaging content of sensitive users, raise users' network security awareness, and prevent users from being deceived by phishing in time.
In order to achieve the above object, the present invention provides the following technical solutions:
An anti-phishing method for communication content comprises the following steps:
collecting job type or occupation information of an instant messaging user;
detecting the instant messaging interaction information between the user and a contact object when the job type or occupation is judged to belong to a preset sensitive job type or occupation type;
judging whether the instant messaging interaction information contains phishing-sensitive data;
and executing an anti-phishing security action when it is judged to contain phishing-sensitive data.
Further, the anti-phishing security action is outputting warning information to the user, and the warning information is output in one of the following modes:
mode one: warning information is output corresponding to the instant messaging interactive interface of the user and the contact object;
mode two: warning information is output within the instant messaging interactive interface of the user and the contact object;
mode three: the position of the instant messaging message that contains phishing-sensitive data within the instant messaging interaction information is obtained, the instant messaging message being a text message, an audio message, a static image message and/or a dynamic image message, and warning information is output corresponding to the position of that message;
mode four: the position of the content that contains phishing-sensitive data within the instant messaging interaction information is marked, the content being text information, audio information, static image information and/or dynamic image information, and warning information is output corresponding to the mark.
Further, when the warning information is output in mode four: when the content containing phishing-sensitive data belongs to an audio message, the text content corresponding to the audio message is obtained and displayed, and the position related to the phishing-sensitive data is marked in the displayed text content; when the content containing phishing-sensitive data belongs to a video message, the position of the phishing-sensitive data is marked in each frame of the video that relates to the phishing-sensitive data.
Further, the anti-phishing security action is sending phishing-risk-related information to the anti-phishing friend group corresponding to the user for evaluation, and issuing an alarm to the user when the evaluation result indicates that a phishing risk exists; the phishing-risk-related information comprises the phishing-sensitive data, the instant messaging message to which the phishing-sensitive data belongs, and/or the contextual instant messaging messages related to the instant messaging message to which the phishing-sensitive data belongs.
Further, the steps of sending the phishing-risk-related information to the anti-phishing friend group corresponding to the user for evaluation are as follows:
judging whether the user has an anti-phishing friend group;
when it is judged that an anti-phishing friend group exists, sending the phishing-risk-related information to the anti-phishing friend group for evaluation;
when it is judged that no anti-phishing friend group exists, obtaining preset anti-phishing associated contact information based on the job type or occupation information of the user, triggering the establishment of an anti-phishing friend group based on the anti-phishing associated contacts, and sending the phishing-risk-related information to the anti-phishing friend group for evaluation.
Further, the evaluation result is obtained and displayed corresponding to the instant messaging interactive interface of the user and the contact object; and/or,
the evaluation result is displayed in the ITEM of the contact object.
Further, the phishing-risk-related information is sent to the anti-phishing friend group for evaluation as follows:
the phishing-risk-related information is displayed in the group communication interactive interface of the anti-phishing friend group as a group message sent by the user, a comment collection control is provided in the group communication interactive interface corresponding to the group message, and the comment information of group members is collected through the comment collection control;
or, the phishing-risk-related information is displayed in the group communication interactive interface of the anti-phishing friend group as a group notice issued by the user, a comment collection control is provided in the group communication interactive interface corresponding to the group notice, and the comment information of group members is collected through the comment collection control.
Further, the comment collection control is associated with a comment collection interface, and after the comment collection control is triggered, the comment collection interface is output so that the group member who triggered it can enter comment information;
a display permission setting control is further provided corresponding to the comment information, and the display permission setting control is used to set the visibility permission and/or validity time of the corresponding comment information.
The invention also provides an anti-phishing client for communication content, which comprises the following structures:
an information setting module, used to set the job type or occupation information of the instant messaging user and to set which job types or occupations belong to the sensitive job type or occupation type;
a user identity judging module, used to collect the job type or occupation information of the instant messaging user and to judge whether the job type or occupation belongs to the sensitive job type or occupation type;
a detection module, used to detect the instant messaging interaction information between the user and the contact object when the job type or occupation is judged to belong to a preset sensitive job type or occupation type, and to judge whether the instant messaging interaction information contains phishing-sensitive data;
and a security control module, used to execute an anti-phishing security action when it is judged that phishing-sensitive data is contained.
The invention also provides an anti-phishing processing system for communication content, which comprises an instant messaging client and an anti-phishing system server that are communicatively connected;
the instant messaging client is used by the user to carry out instant messaging interaction with the contact object and to set the job type or occupation information of the instant messaging user;
the anti-phishing system server is used to set which job types or occupations belong to the sensitive job type or occupation type, to collect the job type or occupation information of the instant messaging user, to detect the instant messaging interaction information between the user and the contact object when the job type or occupation is judged to belong to a preset sensitive job type or occupation type, to judge whether the instant messaging interaction information contains phishing-sensitive data, and to execute an anti-phishing security action when it does.
Compared with the prior art, the invention, taking the above technical scheme as an example, has the following advantages and positive effects: when the user is judged to belong to a sensitive job type or occupation type, the instant messaging interaction information between the user and the contact object is detected to judge whether it contains phishing-sensitive data, and the corresponding anti-phishing security action can be executed when it does. The invention can effectively monitor the instant messaging content of sensitive users, raise users' network security awareness, and prevent users from being deceived by phishing in time.
Drawings
Fig. 1 is a flowchart of an anti-phishing method of communication content according to an embodiment of the present invention.
Fig. 2 is an exemplary diagram of an interface for outputting alert information through an instant messaging interactive interface according to an embodiment of the present invention.
Fig. 3 is a diagram illustrating an exemplary group contact display interface of an instant messaging tool according to an embodiment of the present invention.
Fig. 4 is an exemplary diagram of a group communication interaction interface of an anti-phishing friend group according to an embodiment of the present invention.
Fig. 5 is a block diagram of a client according to an embodiment of the present invention.
Fig. 6 is a block diagram of a system according to an embodiment of the present invention.
Reference numerals illustrate:
user terminal 100, user avatar 110, group contact list 120, group contact object 121, group member 121-1;
instant messaging interactive interface 200, contact object name 210, interactive information display column 220, interactive information input column 230, toolbar 240, other information display column 250;
group communication interactive interface 300, group name 310, interactive information display column 320, interactive information input column 330, group other information display column 340, group member display column 350, instant messaging message 360, comment collection control 361, comment display control 362;
client 400, information setting module 410, user identity judging module 420, detection module 430, security control module 440;
system 500, instant messaging client 510, anti-phishing system server 520.
Detailed Description
The disclosed anti-phishing method, client and system for communication content are described in further detail below with reference to the accompanying drawings and specific embodiments. It should be noted that the technical features or combinations of technical features described in the following embodiments should not be regarded as isolated; they may be combined with each other to achieve a better technical effect. In the drawings of the embodiments described below, like reference numerals appearing in the various drawings represent like features or components and apply across the embodiments. Thus, once an item is defined in one drawing, it need not be discussed further in subsequent drawings.
It should be noted that the structures, proportions, sizes, etc. shown in the drawings are merely used in conjunction with the disclosure of the present specification and are not intended to limit the applicable scope of the present invention. The scope of the preferred embodiments of the present invention includes additional implementations in which functions may be performed out of the order described or discussed, including substantially simultaneously or in reverse order, depending on the functions involved, as would be understood by those skilled in the art to which embodiments of the present invention pertain.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail, but should be considered part of the specification where appropriate. In all examples shown and discussed herein, any specific values should be construed as merely illustrative and not as limitations. Thus, other examples of the exemplary embodiments may have different values.
Examples
Referring to Fig. 1, an anti-phishing method for communication content according to an embodiment of the present invention is shown. The method comprises the following steps:
S100, collecting job type or occupation information of the instant messaging user.
The user's job type or occupation information may be set by the user or by the system. For example, the user can actively set their job type or occupation information in the instant messaging tool.
The instant messaging tool, also called an instant communication tool, generally refers in the art to a client with an instant messaging function, such as WeChat, QQ, or DingTalk. By way of example and not limitation, the instant messaging tool may be a web application, a PC application, or a handheld-terminal app. Optionally, a job type or occupation setting field is provided in the instant messaging tool for the user to set the related information.
S200, detecting the instant messaging interaction information between the user and the contact object when the job type or occupation is judged to belong to a preset sensitive job type or occupation type.
The job type or occupation information of the user is compared with the preset sensitive job types or occupation types, and when the job type or occupation is judged to belong to a sensitive type, the instant messaging interaction information between the user and the contact object is detected. By way of example and not limitation, job types or occupations may be classified into a general type and a sensitive type. The sensitive type is more sensitive with respect to network security than the general type, and the job types or occupations that correspond to it are generally those that network attackers readily choose as targets. Optionally, considering that the target of CEO fraud is typically a staff member of a core department such as corporate management or finance, in this embodiment job types or occupations such as corporate management, finance staff and cashier are set as the sensitive type.
For users of a sensitive job type or occupation type, the instant messaging interaction information (i.e., chat information) with contact objects can be monitored.
S300, judging whether the instant messaging interaction information contains phishing-sensitive data.
For example, when the instant messaging interaction information includes keywords such as transfer, remittance, or transaction money, it may be judged to contain phishing-sensitive data.
The keywords may be stored in a preset anti-phishing security database, which may be set up by the instant messaging server and may store a blacklist of keywords related to phishing attacks.
S400, executing an anti-phishing security action when it is judged that phishing-sensitive data is contained.
In this embodiment, the anti-phishing security action is preferably outputting warning information to the user. Specifically, the warning information may be output in one of the following modes:
Mode one: the warning information is output corresponding to the instant messaging interactive interface of the user and the contact object.
By way of example and not limitation, phishing warning information is output on the instant messaging interactive interface, for example through a pop-up window.
Mode two: the warning information is output within the instant messaging interactive interface of the user and the contact object.
Referring to Fig. 2, when the interaction information includes phishing-sensitive data, warning information may be output in the contact name field of the contact object.
Optionally, all anti-phishing warning information is output in the other information display column 250 of the instant messaging interactive interface 200. The anti-phishing warning information is preferably displayed in order of the sending time of the messages that contain the phishing-sensitive data. A trigger item may further be provided for each piece of anti-phishing warning information; when the user triggers it, the message containing the corresponding phishing-sensitive data and its contextual messages are output in the interactive information display column 220, so that the user can quickly see the chat details behind the phishing-sensitive data through the instant messaging interactive interface 200.
Mode three: the position of the instant messaging message that contains phishing-sensitive data within the instant messaging interaction information is obtained. The instant messaging message may be a text message, an audio message, a static image message and/or a dynamic image message, and the warning information is output corresponding to the position of that message.
Mode four: the position of the content that contains phishing-sensitive data within the instant messaging interaction information is marked. The content may be text information, audio information, static image information and/or dynamic image information, and warning information is output corresponding to the mark.
Preferably, when the warning information is output in this mode and the content containing phishing-sensitive data belongs to an audio message, the text content corresponding to the audio message can be obtained and displayed, and the position related to the phishing-sensitive data is marked in the displayed text content. When the content containing phishing-sensitive data belongs to a video message, the position of the phishing-sensitive data can be marked in each frame of the video that relates to the phishing-sensitive data.
The mark is, for example, a rectangular frame or an adjusted background color for the content, which is not limited herein.
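The following added example is not part of the patent. It sketches steps S100 to S400 for text messages, together with the message position of mode three and the in-content mark of mode four. The job types, keyword blacklist, data classes, function names and sample chat are assumptions built from the examples the description gives.

```python
import re
from dataclasses import dataclass

# Assumed values: the patent gives these job types and keywords only as examples.
SENSITIVE_JOB_TYPES = {"corporate management", "finance staff", "cashier"}
KEYWORD_BLACKLIST = ("transfer", "remittance", "transaction money")


@dataclass(frozen=True)
class Message:
    index: int   # position in the conversation, in sending order
    sender: str
    text: str    # text content; for audio this would be the transcript


@dataclass(frozen=True)
class Hit:
    message_index: int  # mode three: which message holds the keyword
    keyword: str
    start: int          # mode four: where the keyword sits in the content
    end: int


def is_sensitive(job_type):
    """S200 gate: only users with a sensitive job type are monitored."""
    return job_type.strip().lower() in SENSITIVE_JOB_TYPES


def find_hits(messages, blacklist=KEYWORD_BLACKLIST):
    """S300: locate every blacklisted keyword, keeping original offsets."""
    hits = []
    for msg in messages:
        for kw in blacklist:
            # Match on the original text so offsets stay valid for marking.
            for m in re.finditer(re.escape(kw), msg.text, re.IGNORECASE):
                hits.append(Hit(msg.index, kw, m.start(), m.end()))
    return sorted(hits, key=lambda h: (h.message_index, h.start))


def mark(text, hits):
    """Mode four: bracket each hit so a UI could draw a frame around it."""
    out, pos = [], 0
    for h in hits:
        if h.start < pos:  # skip a hit that overlaps one already marked
            continue
        out += [text[pos:h.start], "[[", text[h.start:h.end], "]]"]
        pos = h.end
    out.append(text[pos:])
    return "".join(out)


def run_anti_phishing(job_type, messages, context=1):
    """S100-S400: return one warning per flagged message, in sending order."""
    if not is_sensitive(job_type):
        return []
    hits = find_hits(messages)
    indices = [m.index for m in messages]
    warnings = []
    for msg in messages:
        msg_hits = [h for h in hits if h.message_index == msg.index]
        if not msg_hits:
            continue
        pos = indices.index(msg.index)
        warnings.append({
            "message_index": msg.index,
            "keywords": [h.keyword for h in msg_hits],
            "marked": mark(msg.text, msg_hits),
            # Context messages shown when the user opens the warning.
            "context": indices[max(0, pos - context):pos + context + 1],
        })
    return warnings


# Constructed sample conversation (not from the patent).
CHAT = [
    Message(0, "contact", "Hi, are you at your desk?"),
    Message(1, "contact", "Please arrange a transfer to the supplier today."),
    Message(2, "user", "Which account?"),
    Message(3, "contact", "I will send the Remittance details shortly."),
]

if __name__ == "__main__":
    for w in run_anti_phishing("Cashier", CHAT):
        print(w)
```

Plain keyword matching of this kind flags ordinary finance conversations as well, which is one reason the description routes flagged messages to a second evaluation step rather than blocking them.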
In another implementation of this embodiment, the anti-phishing security action may also be sending phishing-risk-related information to the anti-phishing friend group corresponding to the user for evaluation, and issuing an alarm to the user when the evaluation result indicates that a phishing risk exists.
The phishing-risk-related information may include the phishing-sensitive data, the instant messaging message to which the phishing-sensitive data belongs, and/or the contextual instant messaging messages related to the instant messaging message to which the phishing-sensitive data belongs.
In this case, the steps of sending the phishing-risk-related information to the anti-phishing friend group corresponding to the user for evaluation are preferably as follows:
judging whether the user has an anti-phishing friend group; when it is judged that an anti-phishing friend group exists, sending the phishing-risk-related information to the anti-phishing friend group for evaluation; when it is judged that no anti-phishing friend group exists, obtaining preset anti-phishing associated contact information based on the job type or occupation information of the user, triggering the establishment of an anti-phishing friend group based on the anti-phishing associated contacts, and sending the phishing-risk-related information to the anti-phishing friend group for evaluation.
The anti-phishing associated contact information is preset, and may be set by the user or by the system. In this embodiment, the anti-phishing associated contacts are set automatically by the system, which selects them based on the job type or occupation information noted for the user.
It can be understood that if the user has previously used an anti-phishing friend group for evaluation, the anti-phishing friend group already exists in the address book of the user's instant messaging tool, and the phishing-risk-related information can be sent directly to it for evaluation. If the user triggers the anti-phishing friend group evaluation for the first time, an anti-phishing friend group must first be established from the instant messaging account information of the preset anti-phishing associated contacts, and the phishing-risk-related information is then sent to that group for evaluation.
In the prior art, a user establishes a connection between an instant messaging client and an instant messaging server by logging in to an instant messaging tool. The instant messaging tool outputs a user main interface to the user through the display screen of the user terminal. Referring to Fig. 3, the user main interface may display a user avatar 110, a search bar, the instant messaging messages and contact information pushed by the instant messaging server, and the like. The contact list may generally include a buddy list and a group contact list (also called a group chat list or group list), and the user can choose which one the user main interface displays by selecting the corresponding operation control. Referring to fig. 2, after the user selects the group chat (or group) control, the user main interface outputs a group contact list 120, which records information such as the avatar, nickname, signature and online state of each group contact object 121, as well as its group members 121-1. If the user triggers an interactive operation on a group in the group contact list, for example by triggering the corresponding group contact's avatar, a group communication interactive interface (also called a group instant messaging interactive interface or group chat interface) is generated. The group communication interactive interface can display the historical interaction information, current interaction information and the like of the group members.
With continued reference to Fig. 3, the anti-phishing friend group is already present in the user's group contact list 120, so the phishing-risk-related information can be sent directly to the anti-phishing friend group for evaluation.
Optionally, the evaluation result is obtained and displayed corresponding to the instant messaging interactive interface of the user and the contact object; and/or the evaluation result is displayed in the ITEM of the contact object.
In one implementation of this embodiment, the phishing-risk-related information is sent to the anti-phishing friend group for evaluation as follows: the phishing-risk-related information is displayed in the group communication interactive interface of the anti-phishing friend group as a group message sent by the user, as shown in Fig. 4. A comment collection control is provided in the group communication interactive interface corresponding to the group message, and the comment information of group members is collected through the comment collection control.
The comment collection control is associated with a comment collection interface. After the comment collection control is triggered, the display screen outputs the comment collection interface so that the group member who triggered it can enter comment information.
Preferably, a display permission setting control is further provided corresponding to the comment information, and the display permission setting control is used to set the visibility permission and/or validity time of the corresponding comment information.
A comment display control is also provided corresponding to the group message; when triggered, it outputs the comment information for the evaluation request.
The visibility permission that each group member has set for their own comment is obtained, and group members' comments are hidden or masked according to that visibility permission.
The visibility permission may include several options: visible only to the user who requested the evaluation, visible to all group members, visible to some group members, and invisible to some group members. One or more sub-options may be provided under each option so that the system or the user can set the viewing permission of the comment information.
Preferably, the visibility permission of every group member's comment information is set by default to be visible only to group members whose job level is higher than that of the commenting member. In this way, the comment information each group member can view is determined by that member's job level. This technical scheme is particularly suitable for an anti-phishing friend group established from personnel within an enterprise, and effectively prevents group members with lower job levels from consulting the comments of group members with higher job levels in order to cater to or flatter them.
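The following added example is not part of the patent. It implements the visibility options and the default job-level rule described above as a filter over collected comments. The type and function names, the numeric job levels and the sample data are assumptions, as are two behaviours the description leaves open: an author can always see their own comment, and a comment past its validity time is hidden from everyone.

```python
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, Optional


class Visibility(Enum):
    REQUESTER_ONLY = "only the user who requested the evaluation"
    ALL_MEMBERS = "all group members"
    ONLY_LISTED = "visible to some group members"
    ALL_EXCEPT_LISTED = "invisible to some group members"
    HIGHER_LEVEL_ONLY = "default: members ranked above the author"


@dataclass(frozen=True)
class Comment:
    author: str
    text: str
    created_at: int                       # seconds on any consistent clock
    visibility: Visibility = Visibility.HIGHER_LEVEL_ONLY
    listed: FrozenSet[str] = frozenset()  # used by the two "some members" options
    valid_for: Optional[int] = None       # validity time in seconds; None = no limit


def can_view(viewer, comment, levels, requester, now):
    """Decide whether `viewer` may see `comment` at time `now`."""
    # Assumption: an expired comment is hidden from everyone.
    if comment.valid_for is not None and now > comment.created_at + comment.valid_for:
        return False
    # Assumption: authors can always see their own comment.
    if viewer == comment.author:
        return True
    v = comment.visibility
    if v is Visibility.REQUESTER_ONLY:
        return viewer == requester
    if v is Visibility.ALL_MEMBERS:
        return True
    if v is Visibility.ONLY_LISTED:
        return viewer in comment.listed
    if v is Visibility.ALL_EXCEPT_LISTED:
        return viewer not in comment.listed
    # Default rule: only members with a strictly higher job level than the author.
    return levels[viewer] > levels[comment.author]


def visible_comments(viewer, comments, levels, requester, now):
    """Return the comment texts that `viewer` is allowed to see."""
    return [c.text for c in comments if can_view(viewer, c, levels, requester, now)]


# Constructed sample group (not from the patent): higher number = higher job level.
LEVELS = {"li": 1, "wang": 2, "chen": 2, "zhang": 3}
REQUESTER = "li"  # the cashier whose chat triggered the evaluation
COMMENTS = [
    Comment("wang", "Sender is not in our directory.", created_at=1000),
    Comment("zhang", "Do not pay. Call me first.", created_at=1010,
            visibility=Visibility.REQUESTER_ONLY),
    Comment("chen", "Account differs from the contract.", created_at=1000,
            visibility=Visibility.ALL_EXCEPT_LISTED,
            listed=frozenset({"wang"}), valid_for=600),
]

if __name__ == "__main__":
    for member in LEVELS:
        print(member, visible_comments(member, COMMENTS, LEVELS, REQUESTER, now=1200))
```

Under the default rule alone the requester sees no comments from higher-ranked members, so a deployment has to deliver the evaluation result to the user separately or have reviewers pick a wider option.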
The above technical solution is described in detail below with reference to fig. 4.
Referring to fig. 4, which shows the group communication interactive interface 300: after the phishing risk related information is sent to the anti-phishing friend group in the form of a group message, the group communication interactive interface 300 illustrated in fig. 4 may pop up, and the user may exchange information in it. The group communication interactive interface 300 may include a group name 310, an interactive information display field 320, an interactive information input field 330, a device information display field 340, and a group member display field 350. The transmitted phishing risk related information is output in the interactive information display field 320 as an instant messaging message 360, and a comment collecting control 361 and a comment display control 362 are output corresponding to the instant messaging message 360.
The comment collecting control 361 is associated with a comment collecting interface. After the comment collecting control is triggered, the comment collecting interface can be displayed so that the group member who triggered it can enter comment information. A display permission setting control is further provided corresponding to the comment information, and the display permission setting control is used for setting the visibility permission and/or validity time of the corresponding comment information.
When triggered, the comment display control 362 outputs the group members' comment information regarding the phishing risk related information. Preferably, the comment information of each group member is output in the form of a list.
The visibility permission information that each group member has set for their own comment information is obtained, and the group members' comment information is hidden or masked according to that visibility permission information.
In another implementation of this embodiment, the phishing risk related information may instead be displayed, as a group notification issued by the user, in the group communication interactive interface of the anti-phishing friend group; a comment collecting control is provided in the group communication interactive interface corresponding to the group notification, and the group members' comment information is collected through the comment collecting control.
As in the foregoing embodiment, a comment display control may also be provided corresponding to the group message; when triggered, it outputs the comment information on the phishing risk related information. For other technical features, refer to the previous embodiments; they are not described in detail here.
In this embodiment, the evaluation step may specifically be as follows: acquiring the comment information of each group member in the anti-phishing friend group; counting the number of group members whose comments judge that the communication content contains phishing sensitive data, and judging whether that number exceeds a preset number threshold; and judging the communication content to be phishing information when the preset number threshold is exceeded.
The preset number threshold may be set by the user or the system; by way of example and not limitation, the number threshold may be set to 1/2 of the total number of group members.
In another implementation of this embodiment, for an anti-phishing friend group built within an enterprise, the group members' comments may be handled differently according to the job level of the user, in which case the evaluation step may specifically be as follows:
acquiring the job level and comment information of each group member in the anti-phishing friend group, assigning the group members whose job level is equal to or higher than that of the user to a high job-level group, and assigning the group members whose job level is lower than that of the user to a low job-level group;
for the high job-level group, setting the initial value of the comment statistic H to 0; for each group member of the high job-level group, acquiring the comment information of the group member and judging whether it contains phishing sensitive data; if so, executing H++, otherwise keeping the current value of H unchanged;
for the low job-level group, setting the initial value of the comment statistic L to 0; for each group member of the low job-level group, acquiring the comment information of the group member and judging whether it contains phishing sensitive data; if so, executing L++, otherwise keeping the current value of L unchanged;
obtaining the final values of the comment statistics H and L, and judging whether H or L exceeds a preset number threshold; when either H or L exceeds the preset number threshold, the communication content is judged to be phishing information; if neither exceeds the preset number threshold, the communication content is judged to be conventional communication content.
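The two evaluation procedures above (the head-count threshold and the job-level split into H and L), as an added Python example that is not code from the patent. It assumes each comment is reduced to a yes/no verdict, that a larger `job_level` number means a more senior member, and that "exceeds" means strictly greater; the names `Comment`, `Verdict` and the sample group are constructed for illustration.

```python
from dataclasses import dataclass
from typing import NamedTuple, Optional, Sequence


@dataclass(frozen=True)
class Comment:
    member: str
    job_level: int                 # assumption: larger number = more senior
    says_phishing: Optional[bool]  # assumption: verdict as a flag; None = no comment yet


class Verdict(NamedTuple):
    high: int       # H: phishing verdicts from members at or above the user's level
    low: int        # L: phishing verdicts from members below the user's level
    phishing: bool  # True when H or L exceeds the threshold


def evaluate_by_headcount(comments: Sequence[Comment],
                          threshold: Optional[float] = None) -> bool:
    """Count members who judged the content to be phishing and compare the
    count with the threshold (default: 1/2 of the total group size)."""
    if threshold is None:
        threshold = len(comments) / 2
    votes = sum(1 for c in comments if c.says_phishing is True)
    return votes > threshold


def evaluate_by_job_level(comments: Sequence[Comment], user_level: int,
                          threshold: float) -> Verdict:
    """Tally H (job level >= the user's) and L (job level < the user's)
    separately; the content is phishing if either tally exceeds the threshold."""
    high = low = 0
    for c in comments:
        if c.says_phishing is not True:
            continue  # a 'not phishing' verdict or a missing comment leaves H and L unchanged
        if c.job_level >= user_level:
            high += 1  # H++
        else:
            low += 1   # L++
    return Verdict(high, low, high > threshold or low > threshold)


# Constructed sample: a six-member enterprise group; the requesting user is at level 3.
SAMPLE = [
    Comment("cfo", 5, True),
    Comment("controller", 4, True),
    Comment("team_lead", 3, False),
    Comment("analyst_a", 2, True),
    Comment("analyst_b", 2, False),
    Comment("intern", 1, None),
]
USER_LEVEL = 3

if __name__ == "__main__":
    print("head count, threshold 1/2 of group:", evaluate_by_headcount(SAMPLE))
    print("job-level split, threshold 1:", evaluate_by_job_level(SAMPLE, USER_LEVEL, 1))
```

Because H and L are compared with the same threshold, a threshold sized for the whole group (such as half of all members, here 3) can equal or exceed the size of one subgroup, and that subgroup can then never produce a phishing verdict on its own.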
Referring to fig. 5, in another embodiment of the present invention, an anti-phishing client of communication content is provided.
The client 400 includes an information setting module 410, a user identity judging module 420, a detecting module 430 and a security control module 440.
The information setting module 410 is configured to set job or occupation information of the instant messaging user, and to set which jobs or occupations belong to the sensitive job or occupation type.
The user identity judging module 420 is configured to collect job or occupation information of the instant messaging user, and determine whether the job or occupation belongs to the sensitive job or occupation type.
The detection module 430 is configured to detect instant messaging interaction information between the user and the contact object when it is determined that the job or occupation belongs to a preset sensitive job or occupation type, and determine whether the instant messaging interaction information includes phishing sensitive data.
The security control module 440 is configured to perform an anti-phishing security action when it is determined that the phishing sensitive data is included.
For other technical features, reference is made to the foregoing embodiments, and each module may be configured to perform corresponding information acquisition, storage, transmission and information processing procedures, which are not described herein.
Referring to fig. 6, another embodiment of the present invention provides an anti-phishing processing system for communication content.
The system 500 includes an instant messaging client 510 and an anti-phishing system server 520 in communication connection.
The instant messaging client 510 is configured to allow a user to perform instant messaging interaction with a contact object, and set job information or occupation information of the instant messaging user.
The anti-phishing system server 520 is configured to set which jobs or occupations belong to the sensitive job or occupation type, collect job or occupation information of the instant messaging user, detect instant messaging interaction information between the user and the contact object when the job or occupation is determined to belong to a preset sensitive job or occupation type, determine whether the instant messaging interaction information contains phishing sensitive data, and execute an anti-phishing safety action when it is determined that phishing sensitive data is contained.
For other technical features, reference is made to the foregoing embodiments; each component may be configured to perform corresponding information acquisition, storage, transmission and information processing procedures, which are not described herein.
In the above description, the disclosure of the present invention is not intended to limit itself to these aspects. Rather, the components may be selectively and operatively combined in any number within the scope of the present disclosure. In addition, terms like "comprising," "including," and "having" should be construed by default as inclusive or open-ended, rather than exclusive or closed-ended, unless expressly defined to the contrary. All technical, scientific, or other terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Common terms found in dictionaries should not be too idealized or too unrealistically interpreted in the context of the relevant technical document unless the present disclosure explicitly defines them as such. Any alterations and modifications of the present invention, which are made by those of ordinary skill in the art based on the above disclosure, are intended to be within the scope of the appended claims.

Claims (9)

1. A method for preventing phishing of communication content, comprising the steps of:
collecting work or occupation information of an instant messaging user;
detecting instant messaging interaction information of the user and the contact object when the work or the occupation is judged to belong to a preset sensitive work or occupation type;
judging whether the instant messaging interaction information contains phishing sensitive data or not;
executing an anti-phishing safety action when it is judged that phishing sensitive data is contained; the anti-phishing safety action is used for sending phishing risk related information to an anti-phishing friend group corresponding to the user for evaluation, and sending an alarm to the user when the evaluation result indicates that a phishing risk exists; the phishing risk related information comprises the phishing sensitive data and the instant messaging message to which the phishing sensitive data belongs;
the step of sending the phishing risk related information to the anti-phishing friend group corresponding to the user for evaluation comprises the following steps: judging whether the user has an anti-phishing friend group; when it is judged that an anti-phishing friend group exists, sending the phishing risk related information to the anti-phishing friend group for evaluation; when it is judged that no anti-phishing friend group exists, acquiring preset anti-phishing associated contact information based on the work or occupation information of the user, triggering the establishment of an anti-phishing friend group based on the anti-phishing associated contacts, and sending the phishing risk related information to the anti-phishing friend group for evaluation;
the anti-phishing associated contact is set by a user or a system; when the system sets the anti-phishing associated contact, the anti-phishing associated contact is set based on the work or occupation information of the user.
2. The method according to claim 1, characterized in that: the executing of the anti-phishing safety action outputs warning information to the user in one of the following modes:
mode one, outputting warning information corresponding to the instant messaging interactive interface between the user and the contact object;
mode two, outputting warning information in the instant messaging interactive interface between the user and the contact object;
mode three, acquiring the position of the instant messaging message containing phishing sensitive data in the instant messaging interaction information, the instant messaging message being text information, audio information, static image information and/or dynamic image information, and outputting warning information corresponding to the position of the instant messaging message;
mode four, marking the position of the content containing the phishing sensitive data in the instant messaging interaction information, the content being text information, audio information, static image information and/or dynamic image information, and outputting warning information corresponding to the mark.
3. The method according to claim 2, characterized in that: when the warning information is output in the fourth mode and the content containing the phishing sensitive data belongs to an audio message, the text content corresponding to the audio message is acquired and displayed, and the position related to the phishing sensitive data is marked in the displayed text content; when the content containing the phishing sensitive data belongs to a video image message, the position of the phishing sensitive data is marked in each frame of the video that relates to the phishing sensitive data.
4. The method according to claim 1, characterized in that: the phishing risk related information also comprises a contextual instant messaging message related to the instant messaging message to which the phishing risk related information belongs.
5. The method according to claim 1, characterized in that: acquiring a comment result and displaying an instant messaging interactive interface corresponding to the user and the contact object; and/or,
and displaying the instant messaging interactive interface with the contact object in the ITEM of the contact object.
6. The method according to claim 1, characterized in that: the phishing risk related information is sent to the anti-phishing friend group for evaluation as follows:
the phishing risk related information is displayed, as a group message sent by the user, in a group communication interactive interface of the anti-phishing friend group, a comment collecting control is provided in the group communication interactive interface corresponding to the group message, and comment information of group members is collected through the comment collecting control;
or, the phishing risk related information is displayed, as a group notification issued by the user, in a group communication interactive interface of the anti-phishing friend group, a comment collecting control is provided in the group communication interactive interface corresponding to the group notification, and comment information of group members is collected through the comment collecting control.
7. The method according to claim 6, wherein: the comment collecting control is associated with a comment collecting interface, and after the comment collecting control is triggered, the comment collecting interface can be output for the triggering group member to input comment information;
and a display permission setting control is further arranged corresponding to the comment information, and the display permission setting control is used for setting visible permission and/or validity time of the corresponding comment information.
8. An anti-phishing instant messaging client according to the method of claim 1, comprising:
the information setting module is used for setting work or occupation information of the instant messaging user and setting work or occupation belonging to sensitive work or occupation types;
the user identity judging module is used for collecting work or occupation information of the instant messaging user and judging whether the work or occupation belongs to the sensitive work or occupation type;
the detection module is used for detecting instant messaging interaction information of the user and the contact object when the work or the occupation is judged to belong to a preset sensitive work or occupation type, and judging whether the instant messaging interaction information contains phishing sensitive data or not;
and the safety control module is used for executing anti-phishing safety actions when it is judged that phishing sensitive data is contained.
9. An anti-phishing processing system for communication content according to the method of claim 1, wherein: the anti-phishing system comprises an instant messaging client and an anti-phishing system server which are in communication connection;
the instant messaging client is used for enabling the user to conduct instant messaging interaction with the contact object and setting work or occupation information of the instant messaging user;
the anti-phishing system server is used for setting work types or occupations belonging to sensitive work types or occupations, collecting work types or occupations information of instant messaging users, detecting instant messaging interaction information of the users and contact objects when the work types or the occupations are judged to belong to preset sensitive work types or occupations, judging whether the instant messaging interaction information contains phishing sensitive data, and executing anti-phishing safety actions when the instant messaging interaction information contains the phishing sensitive data.
CN202110857805.8A 2021-07-28 2021-07-28 Anti-phishing method, client and system for communication content Active CN113630395B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110857805.8A CN113630395B (en) 2021-07-28 2021-07-28 Anti-phishing method, client and system for communication content

Publications (2)

Publication Number Publication Date
CN113630395A CN113630395A (en) 2021-11-09
CN113630395B true CN113630395B (en) 2023-06-06

Family

ID=78381342

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110857805.8A Active CN113630395B (en) 2021-07-28 2021-07-28 Anti-phishing method, client and system for communication content

Country Status (1)

Country Link
CN (1) CN113630395B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant