EA201892372A1 - METHOD AND SYSTEM FOR IDENTIFYING DEVICES RELATED TO FRAUDULAR FISHING ACTIVITY - Google Patents

METHOD AND SYSTEM FOR IDENTIFYING DEVICES RELATED TO FRAUDULAR FISHING ACTIVITY

Info

Publication number
EA201892372A1
EA201892372A1 EA201892372A EA201892372A EA201892372A1 EA 201892372 A1 EA201892372 A1 EA 201892372A1 EA 201892372 A EA201892372 A EA 201892372A EA 201892372 A EA201892372 A EA 201892372A EA 201892372 A1 EA201892372 A1 EA 201892372A1
Authority
EA
Eurasian Patent Office
Prior art keywords
data
activity
website
fraudulent
phishing
Prior art date
Application number
EA201892372A
Other languages
Russian (ru)
Other versions
EA038687B1 (en
Inventor
Иван Александрович ОБОЛЕНСКИЙ
Александр Артурович АНИСТРАТЕНКО
Original Assignee
Публичное Акционерное Общество "Сбербанк России" (Пао Сбербанк)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Публичное Акционерное Общество "Сбербанк России" (Пао Сбербанк) filed Critical Публичное Акционерное Общество "Сбербанк России" (Пао Сбербанк)
Publication of EA201892372A1 publication Critical patent/EA201892372A1/en
Publication of EA038687B1 publication Critical patent/EA038687B1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1483Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Information Transfer Between Computers (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

Заявленное изобретение относится к области вычислительной техники, в частности к способу и системе выявления устройств, связанных с мошеннической фишинговой активностью. Технический результат заключается в повышении защиты информационных продуктов за счет идентификации устройств мошенников, связанных с фишинговыми веб-ресурсами, для их последующего блокирования при попытках доступа к информационным продуктам с помощью данных пользователей. Способ выявления устройств, связанных с мошеннической фишинговой активностью, содержащит этапы, на которых с помощью процессора вычислительного устройства: a) определяют веб-сайт подлежащий проверке на предмет фишинговой активности; b) выявляют элементы интерфейса веб-сайта, представляющие по меньшей мере одну форму для ввода данных, причем веб-сайт предназначен для перехвата регистрационных данных пользователя, относящихся к финансовому продукту или услуге; c) определяют по меньшей мере одну область интерфейса для ввода текста в форму ввода данных; d) определяют тип данных, подлежащий вводу в каждую из выявленных форм для ввода данных; e) выполняют обращение к базе данных, содержащей трекинговую информацию, необходимую для ввода данных по меньшей мере в одну форму данных, выявленную на этапе d); f) осуществляют автоматическое заполнение каждой из упомянутой формы упомянутыми трекинговыми данными; g) выполняют регистрацию на веб-сайте с помощью упомянутых трекинговых данных для доступа к финансовой услуге или продукту; h) осуществляют мониторинг активности использования упомянутых трекинговых данных по меньшей мере для одного устройства, связанного с мошеннической активностью; i) получают на основании упомянутого мониторинга уникальный аппаратный идентификатор (УАИД) упомянутого устройства, связанного с мошеннической активностью; и j) передают УАИД в базу данных для добавления в черный список для последующего блокирования транзакционных операций с помощью соответствующего аппаратного идентификатора.The claimed invention relates to the field of computing, in particular to a method and system for detecting devices associated with fraudulent phishing activity. The technical result consists in increasing the protection of information products by identifying the devices of fraudsters associated with phishing web resources for their subsequent blocking when trying to access information products using user data. A method for detecting devices associated with fraudulent phishing activity comprises the steps at which, using the processor of the computing device: a) determining the website to be scanned for phishing activity; b) identifying website interface elements presenting at least one data entry form, the website being designed to intercept user credentials related to a financial product or service; c) define at least one area of the interface for entering text in the data entry form; d) determine the type of data to be entered into each of the identified data entry forms; e) accessing a database containing tracking information necessary to enter data into at least one form of data identified in step d); f) performing automatic filling of each of said form with said tracking data; g) register on the website using the mentioned tracking data to access the financial service or product; h) monitoring the activity of using said tracking data for at least one device associated with fraudulent activity; i) obtain, based on said monitoring, a unique hardware identifier (UID) of said device associated with fraudulent activity; and j) transferring the UALID to the database for blacklisting for subsequent blocking of transactional operations using the appropriate hardware identifier.

EA201892372A 2018-11-15 2018-11-19 Method and system for identifying devices connected to fraudulent phishing activity EA038687B1 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
RU2018140413A RU2705774C1 (en) 2018-11-15 2018-11-15 Method and system for detecting devices associated with fraudulent phishing activity

Publications (2)

Publication Number Publication Date
EA201892372A1 true EA201892372A1 (en) 2020-05-29
EA038687B1 EA038687B1 (en) 2021-10-05

Family

ID=68579493

Family Applications (1)

Application Number Title Priority Date Filing Date
EA201892372A EA038687B1 (en) 2018-11-15 2018-11-19 Method and system for identifying devices connected to fraudulent phishing activity

Country Status (3)

Country Link
EA (1) EA038687B1 (en)
RU (1) RU2705774C1 (en)
WO (1) WO2020101522A1 (en)

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8122251B2 (en) * 2007-09-19 2012-02-21 Alcatel Lucent Method and apparatus for preventing phishing attacks
US8181029B2 (en) * 2009-09-23 2012-05-15 At&T Intellectual Property I, L.P. Apparatus, methods, and computer program products for entering secure passwords
US9027126B2 (en) * 2012-08-01 2015-05-05 Bank Of America Corporation Method and apparatus for baiting phishing websites
WO2014078569A1 (en) * 2012-11-14 2014-05-22 The 41St Parameter, Inc. Systems and methods of global identification
US9374369B2 (en) * 2012-12-28 2016-06-21 Lookout, Inc. Multi-factor authentication and comprehensive login system for client-server networks
RU2671991C2 (en) * 2016-12-29 2018-11-08 Общество с ограниченной ответственностью "Траст" System and method for collecting information for detecting phishing
CN108664461B (en) * 2018-05-03 2023-08-22 鼎富智能科技有限公司 Automatic filling method and device for webpage form

Also Published As

Publication number Publication date
WO2020101522A1 (en) 2020-05-22
EA038687B1 (en) 2021-10-05
RU2705774C1 (en) 2019-11-11

Similar Documents

Publication Publication Date Title
US11727114B2 (en) Systems and methods for remote detection of software through browser webinjects
US11003748B2 (en) Utilizing behavioral features to identify bot
US10069858B2 (en) Secure and private mobile web browser
EP3295647B1 (en) Malware warning
TWI640890B (en) Method and device for detecting weak password
KR101530941B1 (en) Method, system and client terminal for detection of phishing websites
US20160323309A1 (en) Method and system for blocking malicious third party site tagging
US10574631B2 (en) Secure and private mobile web browser
KR102071160B1 (en) Application Information Methods and Devices for Risk Management
US9262536B2 (en) Direct page view measurement tag placement verification
US20180054443A1 (en) Utilizing transport layer security (tls) fingerprints to determine agents and operating systems
US20170104746A1 (en) System and method for data security on big data sets
US10929564B2 (en) URL evaluation for mobile web browsers
US20150278852A1 (en) System And Method For Identifying Online Advertisement Laundering And Online Advertisement Injection
AU2017200270B1 (en) Automated form generation and analysis
Hu et al. Multi-country study of third party trackers from real browser histories
Van Nortwick et al. Setting the Bar Low: Are Websites Complying With the Minimum Requirements of the CCPA?
US20170126715A1 (en) Detection device, detection method, and detection program
Samarasinghe et al. Et tu, brute? privacy analysis of government websites and mobile apps
CN104050257A (en) Detection method and device for phishing webpage
Eijk et al. The impact of user location on cookie notices (inside and outside of the European union)
Fietkau et al. The elephant in the background: A quantitative approachto empower users against web browser fingerprinting
CN107612946B (en) IP address detection method and device and electronic equipment
CN106330811A (en) Domain name credibility determination method and device
EA201892372A1 (en) METHOD AND SYSTEM FOR IDENTIFYING DEVICES RELATED TO FRAUDULAR FISHING ACTIVITY