TW201332314A - Instant messaging fraud alarm system and alarm message delivery method - Google Patents

Instant messaging fraud alarm system and alarm message delivery method Download PDF

Info

Publication number
TW201332314A
TW201332314A TW101101695A TW101101695A TW201332314A TW 201332314 A TW201332314 A TW 201332314A TW 101101695 A TW101101695 A TW 101101695A TW 101101695 A TW101101695 A TW 101101695A TW 201332314 A TW201332314 A TW 201332314A
Authority
TW
Taiwan
Prior art keywords
instant messaging
message
user
messaging user
alert message
Prior art date
Application number
TW101101695A
Other languages
Chinese (zh)
Other versions
TWI462533B (en
Inventor
Wen-Da Lin
Original Assignee
Adatech Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Adatech Inc filed Critical Adatech Inc
Priority to TW101101695A priority Critical patent/TW201332314A/en
Publication of TW201332314A publication Critical patent/TW201332314A/en
Application granted granted Critical
Publication of TWI462533B publication Critical patent/TWI462533B/zh

Links

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

This invention concerns an instant messaging fraud alarm system and alarm message delivery method that mainly provide a robotic system as the contact person added by instant messaging users so as to receive messages sent from instant messaging users. When the account of instant communication is stolen and sends malicious links to every contact person, the robotic system retrieves and analyzes the message, and an early warning message, based upon the analysis result, then is sent to the instant messaging user to remind the user to change passwords so as to intercept the stolen account.

Description

即時通訊詐騙預警系統及預警訊息派送方法Instant messaging fraud warning system and early warning message delivery method

本發明係關於一種即時通訊詐騙預警系統及預警訊息派送方法,尤指一種可在即時通訊帳號遭盜但未更改密碼前,提前產生預警訊息以提醒即時通訊及時救回遭盜帳號的相關技術。The invention relates to an instant messaging fraud warning system and a method for dispatching an early warning message, in particular to a related technology capable of generating an early warning message in advance of an instant messaging account but without changing the password to remind the instant message to save the stolen account in time.

所謂的「即時通訊」是指一個實時通訊系統,允許兩人或多人使用網路即時的傳遞文字訊息、檔案、語音與視訊交流,著名的即時通訊工具係如微軟的Windows Live Messenger(以下簡稱為MSN)及雅虎的Yahoo!Messenger(以下簡稱為「即時通」)等,這些即時通訊工具可以使聯絡人之間作即時的交流與分享。根據維基百科公布2009年統計的資料,微軟的MSN用戶約有3.3億用戶,在台灣也有數百萬用戶,由於用戶多、使用頻繁,終於成為詐騙集團覬覦的對象。The so-called "instant messaging" refers to a real-time communication system that allows two or more people to use the Internet to instantly transmit text messages, files, voice and video communication. Famous instant messaging tools such as Microsoft Windows Live Messenger (hereinafter referred to as For MSN) and Yahoo! Messenger of Yahoo! (hereinafter referred to as "Instant Messenger"), these instant messaging tools enable instant communication and sharing between contacts. According to Wikipedia's 2009 statistics, Microsoft's MSN users have about 330 million users, and there are millions of users in Taiwan. Due to the large number of users and frequent use, they have finally become the target of fraud groups.

所謂的即時通訊詐騙,一般是由木馬程式取得用戶的帳號密碼,也有利用釣魚網站自動收取用戶的登入資訊,再假冒用戶名義登入即時通訊後對用戶的聯絡人施行詐騙,常見的詐騙手法是要求聯絡人代買遊戲點數,若聯絡人不疑有他,即會上當而造成損失;除此以外,詐騙集團將發送惡意連結,一旦聯絡人點擊連結,即將成為下一個遭盜用帳號的受害者。而上述的詐騙行徑是非常普遍而且嚴重的,嚴重程度已讓業者公佈資訊,告知使用者帳號遭盜用後的處理方式,但其處理方式卻十分繁複,以著名的MSN告知用戶的處理方式為:「The so-called instant messaging fraud is generally obtained by the Trojan horse program user password, and also uses the phishing website to automatically collect the user's login information, and then fake the user's name to log in to the instant messaging and then scam the user's contact person. The common scam is required. The contact person buys game points. If the contact person does not suspect him, he will be deceived and cause losses. In addition, the fraud group will send a malicious link. Once the contact clicks on the link, it will become the victim of the next stolen account. . The above-mentioned fraudulent practices are very common and serious. The severity has allowed the industry to publish information and inform users of how the account has been stolen. However, the handling of the account is very complicated. The famous MSN informs the user of the processing method: "

1. 立即到各地警察局報案並取得報案三聯單後,同時請警察於警政內部系統登錄MSN帳號停權申請書,並請警察將該申請書印出後傳真給165處理。1. Immediately report to the local police station and obtain the report triple list. At the same time, ask the police to log in to the MSN account suspension application form in the police internal system, and ask the police to print the application and fax it to 165 for processing.

2. 於165傳送通知予台灣微軟後,我們會盡力在24小時內凍結被盜用帳號。2. After transmitting the notice to Microsoft in 165, we will try our best to freeze the stolen account within 24 hours.

3. 如您要取回您的帳號,敬請造訪這裡,依照說明回填表單以取回您的帳號。」3. If you want to retrieve your account, please visit here and follow the instructions to fill out the form to retrieve your account. "

由上述訊息可知,MSN帳號被盜用後的官版處理方式與一般刑事竊案無異,必須先報案取得三聯單,並請警政單位登錄停權申請書,且必須印出後傳真給詐騙專線處理,在此之後才會凍結被盜用帳號,如用取得帳號,必須填寫表單循另一程序申請取回帳號,其程序之繁複令人咋舌。由此可見,一旦MSN帳號遭盜用,將造成用戶何等困擾,因此防止即時通訊帳號遭盜用的相關技術,是業者與廣大用戶所極需的。在探討如何防止即時通訊遭盜用之前,必須先瞭解詐騙集團盜用帳號的手法及其行為特徵,始能從中找到解決之道:如前揭所述,詐騙集團多半採用木馬程式或釣魚網站盜取使用者的即時通訊帳號密碼,亦即盜用帳號密碼的工作是由電腦執行,而詐騙集團以電腦取得帳號密碼後,並不會在第一時間更改密碼,原因在於更改密碼需要人工處理,但利用電腦取得帳號密碼數量十分龐大,所以在取得帳號一段時間後,才可能以人工更改盜用帳號的密碼,但在此之前,詐騙集團仍會充分運用取得的帳號密碼,以電腦自動登入盜用的帳號,再發送訊息或惡意連結給該帳號的聯絡人,以便植入木馬程式或誘入釣魚網站,進而盜用更多的帳號密碼,這種作法的行為特徵是在登入且發送惡意連結後隨即下線。除了單純發送連結外,詐騙電腦會在發送惡意連結之前先依序地發送一般性的互動文字,如常用的招呼詞「Hi」、「你好」、「安」等,接著會有一些基本的溝通,以降低聯絡人的心防,隨後再送出惡意連結,誘引聯絡人點擊。經過上述的電腦化作業後,在人力許可的狀況下,始由人工更換密碼,進而以真人與盜用帳號的聯絡人進行即時互動。It can be seen from the above information that the official version of the MSN account after being stolen is no different from the general criminal burglary. You must first report the case to obtain the triple order, and ask the police unit to log in to the application for suspension of the right, and must print it out and fax it to the fraud line. After that, the stolen account will be frozen. If you want to get an account, you must fill out the form and follow another procedure to apply for the account. The complexity of the program is astounding. It can be seen that once the MSN account is stolen, it will cause confusion for users. Therefore, the related technologies for preventing the misappropriation of instant messaging accounts are extremely needed by the operators and users. Before discussing how to prevent the misappropriation of instant messaging, you must first understand the methods and behaviors of fraudulent groups to steal accounts. You can find a solution from it: as mentioned earlier, most fraudulent groups use Trojans or phishing websites to steal them. The password of the instant messaging account, that is, the operation of stealing the account password is performed by the computer. After the fraud group obtains the account password by the computer, the password will not be changed in the first time because the password is changed manually, but the computer is used. The number of passwords obtained is very large. Therefore, after obtaining the account for a period of time, it is possible to manually change the password of the stolen account. However, before this, the fraud group will still fully use the obtained account password to automatically log in to the stolen account by the computer. Send a message or maliciously link to the contact person of the account to implant a Trojan horse or seduce a phishing website, and then steal more account passwords. The behavior of this method is to log in and send a malicious link and then go offline. In addition to simply sending a link, the scam computer will send general interactive texts in sequence before sending malicious links, such as the commonly used greetings "Hi", "Hello", "An", etc., and then there will be some basic Communicate to reduce the contact's mental defense, and then send a malicious link to entice the contact to click. After the above-mentioned computerized operation, in the case of human license, the password is manually changed, and the real person interacts with the contact person of the stolen account.

由上述可知,詐騙集團在變更盜用帳號的密碼前,會有一段電腦自動化作業的過程,使用者若能在前述過程中預先得知遭盜用的狀況,則可及時主動更換密碼,有效防止即時通訊的帳號淪為詐騙工具,並避免本身遭盜用帳號後的困擾。It can be seen from the above that before the fraud group changes the password of the stolen account, there will be a process of computer automatic operation. If the user can know the status of the theft in advance in the foregoing process, the password can be actively changed in time to effectively prevent the instant message. The account is a fraudulent tool and avoids the trouble of stealing the account itself.

因此本發明主要目的在提供一種即時通訊詐騙預警系統,主要是一種可由即時通訊用戶加入為聯絡人的機器人系統,其可判斷用戶是否出現特定的行為特徵,一旦發生上述狀況,將會在即時通訊上通知用戶,令用戶得以在盜用帳號被更換密碼之前,先行更換密碼,以有效救回遭盜用的帳號。Therefore, the main purpose of the present invention is to provide an instant messaging fraud warning system, which is mainly a robot system that can be joined as a contact by an instant messaging user, which can determine whether a user has a specific behavior characteristic, and once the above situation occurs, the instant messaging will occur. The user is notified to enable the user to change the password before the account is replaced, so as to effectively save the stolen account.

為達成前述目的採取的主要技術手段係令前述即時通訊詐騙預警系統包括:一聯絡人加入模組,主要係以一主帳號供一個以上的即時通訊用戶加入為聯絡人;一行為特徵分析模組,用以分析即時通訊用戶與聯絡人互動時的行為特徵,該行為特徵包括訊息中的文字內容、對話及/或上下線狀態,以判斷該即時通訊用戶的帳號是否有遭盜用之虞,並在判斷有遭盜用之虞時產生一預警訊息;一訊息派送模組,用以將行為特徵分析模組產生的預警訊息給疑似遭盜用帳號的即時通訊用戶。The main technical means adopted to achieve the foregoing objectives is that the aforementioned instant messaging fraud warning system includes: a contact person joining the module, mainly using one main account for more than one instant messaging user to join as a contact; a behavioral feature analysis module For analyzing the behavior characteristics of the instant messaging user interacting with the contact person, the behavior characteristic includes the text content, the dialogue and/or the online and offline status in the message, to determine whether the instant messaging user's account has been stolen, and An early warning message is generated when it is judged that there is a misappropriation; a message dispatching module is used to send an alert message generated by the behavioral feature analysis module to an instant messaging user suspected of being stolen.

由於上述即時通訊詐騙預警系統係一機器人系統,其可為即時通訊用戶加為聯絡人,因而可接收即時通訊用戶發出的訊息;當即時通訊用戶的帳號遭盜,而詐騙電腦登入盜用帳號,並出現特定的行為特徵,例如對該帳號的聯絡人發送惡意連結及/或出現異常的登入狀態(如登入後發送連結,隨即離線)時,則由於本發明的即時通訊詐騙預警系統也是聯絡人之一,所以也會接收前述訊息,經由行為特徵分析模組分析其發送訊息的內容含有惡意連結時,則由訊息派送模組傳送一預警訊息給即時通訊用戶,由於詐騙電腦在自動化作業過程中仍未更改盜用帳號的密碼,因此即時通訊用戶仍可使用原來的帳號密碼登入,在登入後收到該預警訊息,即可主動更換其密碼,以及時地救回遭盜用的帳號。Since the above-mentioned instant messaging fraud warning system is a robot system, it can be added as a contact person for the instant messaging user, and thus can receive the message sent by the instant messaging user; when the instant messaging user's account is stolen, the fraudulent computer logs into the stolen account, and When a specific behavioral feature occurs, such as sending a malicious link to the contact person of the account and/or an abnormal login status (such as sending a link after login, then offline), the instant messaging fraud warning system of the present invention is also a contact person. First, the above message will also be received. When the behavioral feature analysis module analyzes that the content of the sent message contains a malicious link, the message dispatching module transmits an alert message to the instant messaging user, because the fraudulent computer is still in the process of automatic operation. The password of the stolen account has not been changed, so the instant messaging user can still log in using the original account password. After receiving the alert message after logging in, the user can actively change the password and save the stolen account in time.

本發明又一目的在提供一種即時通訊詐騙預警訊息派送方法,其可在即時通訊遭盜用的初期,對遭盜帳號的即時通訊用戶發出預警訊息,以便及時救回盜用帳號。Another object of the present invention is to provide a method for dispatching an instant messaging fraud alert message, which can issue an early warning message to an instant messaging user of a stolen account in the early stage of instant messaging misappropriation, so as to timely rescue the stolen account.

為達成前述目的採取的主要技術手段係在接受一個以上即時通訊用戶加為聯絡人後,執行以下步驟:接收即時通訊用戶發出的訊息;分析前述訊息中是否含有連結及/或即時通訊用戶的上下線狀態;當訊息的分析結果異常,即對即時通訊用戶發出一預警訊息;前述方法主要係供即時通訊用戶加為聯絡人,以便接收即時通訊用戶發出的訊息,一旦即時通訊用戶的帳號遭盜,並對該帳號的聯絡人發送惡意連結及/或出現異常的上下線狀態時,則本發明可收到前述訊息並進行分析,一旦分析出其發送訊息異常時,即對疑似遭盜用帳號的即時通訊用戶傳送一預警訊息,以提醒其及時更換密碼,而攔截取回遭盜的帳號。The main technical means to achieve the above objectives is to accept the message sent by the instant messaging user after receiving more than one instant messaging user as the contact person; analyze whether the above message contains the link and/or the instant messaging user. Line status; when the analysis result of the message is abnormal, an early warning message is sent to the instant messaging user; the above method is mainly for the instant messaging user to be added as a contact, in order to receive the message sent by the instant messaging user, once the instant messaging user's account is stolen And when the contact person of the account sends a malicious link and/or an abnormal online and offline state, the present invention can receive the foregoing message and analyze it, and once it is analyzed that the sending message is abnormal, the suspected stolen account is The instant messaging user sends an alert message to remind him to change the password in time and intercept the retrieved stolen account.

關於本發明的即時通訊詐騙預警系統為一機器人系統,該機器人系統提供一即時通訊帳號供相同或相互支援的即時通訊(例如MSN、SKYPE、「即時通」或QQ等)之用戶加入為聯絡人,而對加入聯絡人的即時通訊用戶提供自動應答服務;必須說明的是:將機器人系統加為聯絡人,以取得自動應答與互動服務是已知的,本發明的技術特徵在於利用機器人系統提供詐騙預警功能,為支援上述預警功能,本發明主要提供一即時通訊詐騙預警系統,其一較佳實施例的系統架構,請參閱圖1所示,包括一聯絡人加入模組10、一行為特徵分析模組20及一訊息派送模組30;其中:該聯絡人加入模組10係執行聯絡人管理,主要係以一主帳號供使用者加入為聯絡人;如前揭所述,由於本發明的即時通訊詐騙預警系統為一機器人系統,其可為即時通訊用戶加為聯絡人,然而即時通訊用戶數量龐大,且即時通訊業者對於單一用戶通常有聯絡人上限的規定,而為能提供更多用戶加為聯絡人,本發明的聯絡人加入模組10進一步提供一動態帳號管理程序,主要在聯絡人數量接近或到達一上限值時,以一個以上的備用帳號回應即時通訊用戶的加入邀請;假設一個即時通訊帳號(例如MSN)的聯絡人上限是1,000人,則在主帳號的聯絡人接近或到達1,000人時,由另一個備用帳號接受即時通訊用戶的加入邀請,藉此擴充聯絡人的數量,而聯絡人的數量並隨備用帳號的擴充而增加;由於主帳號與各個備用帳號的暱稱相同,因此不論是加入主帳號或備用帳號,相對的聯絡人在其操作介面上都會顯示相同的暱稱,因此對於聯絡人的識別並沒有影響。The instant messaging fraud warning system of the present invention is a robot system, and the robot system provides an instant messaging account for users of the same or mutually supported instant messaging (such as MSN, SKYPE, "instant messaging" or QQ, etc.) to join as a contact person. Providing an automatic answering service to the instant messaging user who joins the contact; it must be stated that it is known to add the robotic system as a contact to obtain an automatic answering and interactive service, and the technical feature of the present invention is to provide the robot system. The spoofing warning function, in order to support the above-mentioned early warning function, the present invention mainly provides an instant messaging fraud early warning system. The system architecture of a preferred embodiment is shown in FIG. 1 , including a contact joining module 10 and a behavioral feature. The analysis module 20 and a message delivery module 30; wherein: the contact person joining module 10 performs contact management, mainly by using a master account for the user to join as a contact; as disclosed above, due to the present invention The instant messaging fraud alert system is a robotic system that can be added as a contact for instant messaging users, but instant messaging The number of users is huge, and the instant messaging industry usually has a contact limit for a single user, and in order to provide more users as contacts, the contact joining module 10 of the present invention further provides a dynamic account management program, mainly in When the number of contacts approaches or reaches an upper limit, more than one alternate account responds to the invitation of the instant messaging user; assuming that the contact limit of an instant messaging account (such as MSN) is 1,000, the contact at the primary account When approaching or reaching 1,000 people, another alternate account accepts the invitation to join the instant messaging user, thereby expanding the number of contacts, and the number of contacts increases with the expansion of the alternate account; due to the primary account and each alternate account The nickname is the same, so whether you join the primary or backup account, the relative contacts will display the same nickname on their operating interface, so there is no impact on the contact identification.

該行為特徵分析模組20是用以分析即時通訊用戶與聯絡人間的互動是出現特定的行為特徵,如果即時通訊用戶出現特定的行為特徵,即表示該即時通訊用戶的帳號有遭盜用之虞,遂可據此對即時通訊用戶發送一預警訊息,使該即時通訊用戶可及早因應;所稱行為特徵的分析內容包括:The behavioral feature analysis module 20 is configured to analyze the interaction between the instant messaging user and the contact person to have a specific behavior characteristic. If the instant messaging user has a specific behavior characteristic, it indicates that the instant messaging user's account has been stolen. According to this, an instant messaging message is sent to the instant messaging user, so that the instant messaging user can respond early; the analysis of the behavior characteristics mentioned includes:

1. 訊息中含有連結及異常的上下線狀態:由於詐騙集團取得即時通訊用戶的帳號後,以人工更換密碼並與聯絡人進行真人對話之前,係先採取電腦自動化作業,主要係以電腦程式自動登入盜用的帳號,並對該帳號的聯絡人發送含有惡意連結的訊息,且在發送後隨即下(離)線。因此上述行為特徵分析模組20將分析加為聯絡人的即時通訊用戶是否出現上述行為特徵,若已出現上述行為特徵,表示該即時通訊用戶的帳號可能已遭盜用,隨即可透過訊息派送模組30發送一預警訊息予該即時通訊用戶,而該即時通訊用戶的帳號雖已遭盜用,因密碼未改,所以原用戶仍可正常登入,因此可收到前述預警訊息。1. The message contains the link and abnormal line status: Since the fraud group obtains the account of the instant messaging user, before manually changing the password and making a live dialogue with the contact person, the computer automation is firstly performed, mainly by computer program. Log in to the stolen account and send a message with a malicious link to the contact person of the account, and then immediately (off) the line after sending. Therefore, the behavioral feature analysis module 20 analyzes whether the instant messaging user added as the contact has the behavior characteristic. If the behavior characteristic has been generated, it indicates that the instant messaging user's account may have been stolen, and then the message delivery module is available. 30. Sending an alert message to the instant messaging user, and the account of the instant messaging user has been stolen. Since the password has not been changed, the original user can still log in normally, so the foregoing warning message can be received.

2. 特定的對話與互動模式:詐騙集團除了利用電腦程式登入帳號,發送含有連結的訊息外,亦利用電腦程式發出特定模式或順序的對話與該帳號的聯絡人互動,並在對話過程中送出含有惡意連結的訊息,例如邀請聯絡人瀏覽其相簿或部落格,當聯絡人不疑有他而點擊連結時,即可能遭植入木馬程式或誘入釣魚網站,而聯絡人的帳號密碼亦將遭盜。因此上述行為特徵分析模組20仍將分析加為聯絡人的即時通訊用戶是否出現上述行為特徵,若已出現上述行為特徵,亦將透過訊息派送模組30發送一預警訊息予該即時通訊用戶。2. Specific dialogue and interaction mode: In addition to using a computer program to log in to an account and send a message containing a link, the fraud group also uses a computer program to send a specific mode or sequence of dialogues to interact with the contact person of the account and send it during the dialogue. Messages containing malicious links, such as inviting contacts to view their albums or blogs. When the contact person clicks on the link without suspiciously, the trojan may be implanted or baited into the phishing website, and the password of the contact person is also Will be stolen. Therefore, the above behavioral feature analysis module 20 will still analyze whether the instant messaging user added as the contact has the above behavior characteristics. If the behavior characteristic has already occurred, the message delivery module 30 will also send an early warning message to the instant messaging user.

上述行為特徵分析模組20除分析即時通訊用戶的行為特徵外,當即時通訊用戶出現上述行為特徵時,其訊息內容將被存入一病毒資料庫,供作為隨後分析行為特徵的比對依據。In addition to analyzing the behavior characteristics of the instant messaging user, the behavior characteristic analysis module 20 described above, when the instant messaging user has the above behavior characteristics, the message content will be stored in a virus database for comparison analysis of the behavior characteristics of the subsequent analysis.

該訊息派送模組30係接收行為特徵分析模組20產生的預警訊息,以送給疑似遭盜用帳號的即時通訊用戶;由於大多數即時通訊工具都有流量管制,以MSN為例,每分鐘允許發送訊息的聯絡人數量不超過8~9個,一旦系統顯示遭盜用帳號的情況嚴重,必須在短時間內對各個相應即時通訊用戶發出預警訊息時,則可採行一動態派送程序,將預警訊息自動派送給疑似中毒的即時通訊用戶。The message delivery module 30 receives the alert message generated by the behavior feature analysis module 20 for instant messaging users suspected of being stolen; since most instant messaging tools have traffic control, MSN is used as an example, per minute. The number of contacts to send messages does not exceed 8~9. Once the system displays the situation of the stolen account, the system must send a warning message to each corresponding instant messaging user within a short period of time. Messages are automatically sent to instant messaging users who are suspected of being poisoned.

所稱的動態派送程序係進行一自動派送排程,以週期性地派送預警訊息給即時通訊用戶,而在各個派送週期之間的非派送週期中判斷即時通訊用戶是否處於一互動狀態,若待傳送預警訊息的即時通訊用戶處於互動狀態,則優先發送預警訊息給互動中的用戶。The so-called dynamic dispatching program performs an automatic dispatch schedule to periodically send an alert message to the instant messaging user, and determines whether the instant messaging user is in an interactive state during the non-delivery period between the delivery periods. When the instant messaging user transmitting the alert message is in an interactive state, the alert message is sent preferentially to the user in the interaction.

關於前述動態派送程序的具體流程,其第一較佳實施例請參閱圖2所示,其包括:執行自動排程(201),以設定一排程派送週期,該排程派送週期可根據即時通訊的流量管控標準來設定,例如MSN的流量管控標準是1分鐘不超過8~9個訊息傳送對象,因此可以每6秒或7秒為一排程派送週期,在每一排程派送週期中派送預警訊息給疑似遭盜用帳號的即時通訊用戶,由於每6秒或7秒才對一即時通訊用戶派送預警訊息,因此在排程派送週期派送的預警訊息必然符合即時通訊的流量管控;判斷是否到達排程派送週期(202);若已達排程派送週期,即對疑似遭盜用帳號的即時通訊用戶派送預警訊息(203);若非排程派送週期,則進一步判斷疑似遭盜用帳號的即時通訊用戶是否處於一”互動狀態”(204),前述”互動狀態”係指即時通訊用戶正透過即時通訊與本發明的預警系統連線中及/或即時通訊用戶正透過即時通訊對預警系統傳送訊息,根據MSN的流量管控規則,即時通訊用戶對連線中的聯絡人傳送訊息或即時通訊用戶回應聯絡人傳來的訊息,都不在前述每分鐘傳送訊息的對象不超過8~9人的流量限制之列,因此利用前述特性可在非排程派送週期時迅速地派送預警訊息給對應的即時通訊用戶;如前揭所述,若經判斷待派送預警訊息的即時通訊用戶處於互動狀態,即對互動狀態中的即時通訊用戶派送預警訊息(205),在預警訊息派送完畢後又回到前述步驟(202);若即時通訊用戶非處於互動狀態,則直接回到前述步驟(202),判斷是否到達排程派送週期。For a specific process of the foregoing dynamic dispatching program, a first preferred embodiment of the present invention is shown in FIG. 2, which includes: performing automatic scheduling (201) to set a scheduling delivery period, and the scheduling delivery period can be based on an instant. The flow control standard of communication is set. For example, the flow control standard of MSN is no more than 8~9 message transmission objects in 1 minute, so it can be a scheduling period every 6 seconds or 7 seconds, in each scheduling delivery period. Sending an alert message to an instant messaging user suspected of being stolen, because an alert message is sent to an instant messaging user every 6 or 7 seconds, the alert message sent during the scheduled delivery period must conform to the traffic control of the instant messaging; Arriving to the scheduling delivery period (202); if the scheduled delivery period has been reached, the instant messaging user of the suspected stolen account is sent an alert message (203); if the scheduled delivery period is not, the instant communication of the suspected stolen account is further determined. Whether the user is in an "interactive state" (204), and the aforementioned "interactive state" means that the instant messaging user is connected to the early warning system of the present invention through instant messaging. Medium and/or instant messaging users are transmitting messages to the early warning system via instant messaging. According to MSN's traffic control rules, instant messaging users send messages to contacts in the connection or respond to incoming messages from instant messaging users. The above-mentioned object for transmitting messages per minute does not exceed the traffic limit of 8-9 people. Therefore, the foregoing feature can be used to quickly send an alert message to the corresponding instant messaging user during the non-scheduled delivery cycle; as described above, The instant messaging user who is determined to be dispatched with the early warning message is in an interactive state, that is, an early warning message is sent to the instant messaging user in the interactive state (205), and after the warning message is sent, the user returns to the foregoing step (202); if the instant messaging user is not In the interactive state, directly return to the foregoing step (202) to determine whether the scheduled delivery period is reached.

關於前述動態派送程序的第二較佳實施例,請參閱圖3所示,其包括:執行自動排程(301),以設定一排程派送週期;判斷是否到達排程派送週期(302);若已達排程派送週期,則進一步執行優先派送判斷機制,主要係判斷待派送預警訊息的即時通訊用戶是否已上線(303);若該即時通訊用戶未上線,係依原訂排程派送預警訊息(304),派送完成後,回到步驟(302);若待派送預警訊息的即時通訊用戶已上線,係優先對其派送預警訊息(305),派送完成後,回到步驟(302);再者,在前述步驟(302)中若經判斷為非排程派送週期,則進一步判斷待發送預警訊息的即時通訊用戶是否處於互動狀態(306);若該即時通訊用戶處於互動狀態,即對互動狀態中的聯絡人派送預警訊息(307),在預警訊息派送完畢後又回到前述步驟(302);若即時通訊用戶非處於互動狀態,則直接回到前述步驟(302),判斷是否到達排程派送週期。Regarding the second preferred embodiment of the foregoing dynamic dispatching procedure, please refer to FIG. 3, which includes: performing automatic scheduling (301) to set a scheduling delivery period; determining whether a scheduled delivery period is reached (302); If the scheduled delivery period has been reached, the priority delivery judging mechanism is further implemented, mainly determining whether the instant messaging user to be sent the alert message has been online (303); if the instant messaging user is not online, the alert is dispatched according to the original schedule. Message (304), after the delivery is completed, return to step (302); if the instant messaging user to be dispatched with the alert message is online, the priority message is sent to it (305), after the delivery is completed, the process returns to step (302); Furthermore, if it is determined in the foregoing step (302) that it is a non-scheduled delivery period, it is further determined whether the instant messaging user to send the early warning message is in an interactive state (306); if the instant messaging user is in an interactive state, that is, The contact person in the interactive state sends an alert message (307), and returns to the foregoing step (302) after the alert message is sent; if the instant messaging user is not in the interactive state, directly returns to the foregoing step (302), it is determined whether the delivery schedule arrival period.

上述實施例係與前一實施例的差異係在:排程派送預警訊息之前加入優先派送的判斷機制,主要目的在讓已上線的即時通訊用戶優先取得預警訊息,藉此提高派送預警訊息的效益。The difference between the above embodiment and the previous embodiment is that the prioritized delivery mechanism is added before the dispatching of the early warning message, and the main purpose is to enable the instant messaging user who has been online to obtain the early warning message, thereby improving the benefit of sending the early warning message. .

關於前述動態派送程序的第三較佳實施例,請參閱圖4所示,其包括:執行自動排程(401),以設定一排程派送週期;判斷是否到達排程派送週期(402);若已達排程派送週期,則進一步執行優先派送判斷機制,主要係判斷待派送預警訊息的即時通訊用戶是否已上線(403);若待派送預警訊息的即時通訊用戶未上線,係依原訂排程對即時通訊用戶派送預警訊息(404),派送完成後,回到步驟(402);若即時通訊用戶已上線,係優先對上線的即時通訊用戶派送預警訊息(405),派送完成後,回到步驟(402);再者,在前述步驟(402)中若經判斷為非排程派送週期,則進一步判斷待發送預警訊息的即時通訊用戶是否處於互動狀態(406);若待發送預警訊息的即時通訊用戶處於互動狀態,即對其派送預警訊息(407),在預警訊息派送完畢後又回到前述步驟(402);若待發送預警訊息的即時通訊用戶非處於互動狀態,則直接回到前述步驟(402),判斷是否到達排程派送週期。For a third preferred embodiment of the foregoing dynamic dispatching procedure, please refer to FIG. 4, which includes: performing automatic scheduling (401) to set a scheduling delivery period; determining whether a scheduled delivery period is reached (402); If the scheduled delivery period has been reached, the priority delivery judgment mechanism is further implemented, mainly determining whether the instant messaging user to be sent the alert message has been online (403); if the instant messaging user to be dispatched the alert message is not online, the original subscription is The schedule sends an alert message to the instant messaging user (404). After the delivery is completed, the process returns to step (402); if the instant messaging user is online, the instant messaging user (80) is preferentially dispatched to the online instant messaging user, and after the delivery is completed, Going back to step (402); further, if it is determined in the foregoing step (402) that it is a non-scheduled delivery period, it is further determined whether the instant messaging user to send the early warning message is in an interactive state (406); The instant messaging user of the message is in an interactive state, that is, an alert message (407) is sent to the message, and the alert message is returned to the foregoing step (402); if the alert message is to be sent, A non-interactive user communications in the state, directly back to step (402), it is determined whether the delivery schedule arrival period.

前述步驟(401)~(407)與前一實施例中的步驟(301)~(307)大致相同,不同處在於本實施例在對待發送預警訊息的即時通訊用戶派送預警訊息後(無論是排程派送週期或非排程派送週期),進一步判斷即時通訊是否回應訊息派送成功(408);若即時通訊回應訊息派送成功,則將該預警訊息派送的即時通訊用戶加入派送成功名單(409),再回到前述步驟(402);若即時通訊未回應訊息派送成功,表示預警訊息派送失敗,則將該預警訊息派送的即時通訊用戶重新加入自動排程(410),經過重新排程後再對其派送預警訊息,接著再回到前述步驟(402)。The foregoing steps (401)-(407) are substantially the same as the steps (301)-(307) in the previous embodiment, except that the present embodiment sends an alert message to the instant messaging user who is to send the alert message (whether it is a row The delivery period or the non-scheduled delivery period further determines whether the instant messaging message is successfully sent (408); if the instant messaging response message is successfully delivered, the instant messaging user to which the alert message is sent is added to the delivery success list (409), Returning to the foregoing step (402); if the instant messaging does not respond to the successful delivery of the message, indicating that the alert message delivery fails, the instant messaging user to which the alert message is sent is re-added to the automatic scheduling (410), and after rescheduling, It sends an alert message and then returns to the previous step (402).

前述步驟(408)~(410)係利用即時通訊之特性來確認預警訊息是否派送成功,根據即時通訊之特性,其對於傳送失敗的訊息不會產生錯誤訊息,但對於傳送成功的訊息,則會回應訊息傳送成功,因此前述步驟(408)~(410)即根據上述特性以確認預警訊息是否已成功送給待發送預警訊息的即時通訊用戶,若不成功,則重新排程派送,如此一來可確保預警訊息有效地傳送給即時通訊用戶。The foregoing steps (408) to (410) use the characteristics of instant messaging to confirm whether the early warning message is successfully delivered. According to the characteristics of instant messaging, it does not generate an error message for the message that fails to be transmitted, but for the message that the transmission is successful, The response message is successfully transmitted. Therefore, the foregoing steps (408) to (410) are based on the above characteristics to confirm whether the early warning message has been successfully sent to the instant messaging user to be sent the warning message, and if unsuccessful, reschedule the delivery, thus It ensures that the alert message is effectively transmitted to the instant messaging user.

又如圖5所示,前述步驟(408)中,若即時通訊回應訊息派送成功,可進一步加入一要求輸入驗證碼的步驟(408A),並判斷即時通訊用戶是否正確輸入驗證碼(408B),始加入派送成功名單(409),若未輸入驗證碼或輸入驗證碼不正確,即重新加入自動排程(410);藉此確認原即時通訊用戶確實接到預警訊息。由於詐騙集團盜用帳號後、人工更換密碼之前係以電腦程式自動登入帳號、發送訊息,在此階段,若是詐騙集團以電腦程式登入帳號,也會收到預警訊息,但因電腦程式無法辨識並輸入驗證碼,故可視為未成功派送,因而將重新排程而持續派送預警訊息,直到原即時通訊用戶收到並輸入驗證碼後,始加入派送成功名單。As shown in FIG. 5, in the foregoing step (408), if the instant messaging response message is successfully sent, a step (408A) of requesting the input of the verification code may be further added, and it is determined whether the instant messaging user correctly inputs the verification code (408B). Start to join the delivery success list (409), if you do not enter the verification code or enter the verification code is incorrect, then re-join the automatic scheduling (410); to confirm that the original instant messaging user did receive the warning message. Since the fraud group has used the computer program to automatically log in to the account and send a message after manually changing the password, at this stage, if the fraud group logs in to the account with the computer program, it will also receive an alert message, but the computer program cannot recognize and input. Verification code, it can be regarded as unsuccessful delivery, so it will be rescheduled and continue to send early warning messages until the original instant messaging user receives and enters the verification code, and then joins the delivery success list.

對於所屬技術領域中具有通常知識者可以理解的是:前述確認預警訊息是否成功派送給即時通訊用戶的機制除運用在前述第二較佳實施例以外(即第三較佳實施例),其毋庸置疑地也可以運用在第一較佳實施例,亦即在排程派送訊息(203)或非排程派送訊息(205)之後,可進一步判斷即時通訊是否回應訊息派送成功,若即時通訊回應訊息派送成功,則將該預警訊息派送的即時通訊用戶加入派送成功名單,再回到前述步驟(202);若即時通訊未回應訊息派送成功,表示預警訊息派送失敗,則將該預警訊息派送的即時通訊用戶重新加入自動排程,經過重新排程後再對其派送預警訊息,接著再回到前述步驟(202)。It can be understood by those having ordinary knowledge in the art that the mechanism for confirming whether the foregoing warning message is successfully sent to the instant messaging user is not limited to the second preferred embodiment (ie, the third preferred embodiment). It is also doubtful that the first preferred embodiment can be used, that is, after the scheduled delivery message (203) or the non-scheduled delivery message (205), it can be further determined whether the instant messaging responds to the message delivery success, if the instant messaging response message If the delivery is successful, the instant messaging user sent by the warning message is added to the delivery success list, and then returns to the foregoing step (202); if the instant messaging does not respond to the successful delivery of the message, indicating that the warning message delivery fails, the warning message is sent immediately. The communication user rejoins the automatic scheduling, sends an alert message after rescheduling, and then returns to the previous step (202).

10...聯絡人加入模組10. . . Contact to join the module

20...行為特徵分析模組20. . . Behavioral feature analysis module

30...訊息派送模組30. . . Message delivery module

圖1係本發明的系統架構示意圖。1 is a schematic diagram of the system architecture of the present invention.

圖2係本發明預警方法第一較佳實施例的流程圖。2 is a flow chart of a first preferred embodiment of the early warning method of the present invention.

圖3係本發明預警方法第二較佳實施例的流程圖。3 is a flow chart of a second preferred embodiment of the early warning method of the present invention.

圖4係本發明預警方法第三較佳實施例的一流程圖。4 is a flow chart of a third preferred embodiment of the early warning method of the present invention.

圖5係本發明預警方法第三較佳實施例又一流程圖。FIG. 5 is still another flow chart of the third preferred embodiment of the early warning method of the present invention.

10...聯絡人加入模組10. . . Contact to join the module

20...行為特徵分析模組20. . . Behavioral feature analysis module

30...訊息派送模組30. . . Message delivery module

Claims (10)

一種即時通訊詐騙預警系統,包括:一聯絡人加入模組,主要係以一主帳號供一個以上的即時通訊用戶加入為聯絡人;一行為特徵分析模組,用以分析即時通訊用戶與聯絡人互動時的行為特徵,該行為特徵包括訊息中的文字內容、對話及上下線狀態與訊息中的文字內容、對話或上下線狀態,以判斷該即時通訊用戶的帳號是否有遭盜用之虞,並在判斷有遭盜用之虞時產生一預警訊息;一訊息派送模組,用以將行為特徵分析模組產生的預警訊息派送給疑似遭盜用帳號的即時通訊用戶。An instant messaging fraud warning system includes: a contact person joining a module, mainly by using one master account for more than one instant messaging user to join as a contact; a behavioral feature analysis module for analyzing instant messaging users and contacts The behavioral characteristics of the interaction, the behavioral features include the text content in the message, the conversation and the status of the online and offline lines and the text content in the message, the conversation or the status of the online and offline, to determine whether the instant messaging user's account has been stolen, and An early warning message is generated when it is judged that there is a misappropriation; a message dispatching module is used to send an alert message generated by the behavioral feature analysis module to an instant messaging user suspected of being stolen. 如請求項1所述之即時通訊詐騙預警系統,該行為特徵分析模組進一步包括一病毒資料庫,當行為特徵分析模組判斷即時通訊用戶出現特定的行為特徵時,將其訊息內容存入病毒資料庫作為日後比對的依據。The behavioral feature analysis module further includes a virus database, and when the behavior feature analysis module determines that the instant communication user has a specific behavior characteristic, the message content is stored in the virus. The database serves as the basis for future comparisons. 一種即時通訊詐騙預警訊息派送方法,主要係以一機器人系統接受一個以上即時通訊用戶加為聯絡人後,執行以下步驟:接收即時通訊用戶發出的訊息;分析前述訊息中是否含有連結及/或即時通訊用戶的上下線狀態;當訊息的分析結果異常,即對即時通訊用戶發出一預警訊息。An instant messaging fraud alert delivery method mainly involves receiving a message from a user of an instant messaging user after receiving more than one instant messaging user as a contact in a robotic system; analyzing whether the message contains a link and/or an instant The status of the communication user's online and offline; when the analysis result of the message is abnormal, an alert message is sent to the instant messaging user. 如請求項3所述之即時通訊詐騙預警訊息派送方法,上述預警訊息的派送係依以下步驟進行:執行自動排程,以設定一排程派送週期;判斷是否到達排程派送週期;若已達排程派送週期,即對待派送預警訊息的即時通訊用戶派送預警訊息;若非排程派送週期,則進一步判斷待派送預警訊息的即時通訊用戶是否處於一互動狀態;若該即時通訊用戶處於互動狀態,即對其派送預警訊息;若該即時通訊用戶非處於互動狀態,則回到判斷是否到達排程派送週期的步驟。The method for dispatching an instant messaging fraud alert message according to claim 3, the sending of the foregoing alert message is performed according to the following steps: performing automatic scheduling to set a scheduling delivery period; determining whether the scheduled delivery period is reached; The dispatching period, that is, the instant messaging user who sends the early warning message, sends an early warning message; if the scheduled delivery period is not, it further determines whether the instant messaging user to be sent the early warning message is in an interactive state; if the instant messaging user is in an interactive state, That is, an alert message is sent to it; if the instant messaging user is not in an interactive state, it returns to the step of judging whether or not the scheduled delivery period is reached. 如請求項4所述之即時通訊詐騙預警訊息派送方法,上述預警訊息的派送進一步包括以下步驟:若判斷為排程派送週期,則進一步執行優先派送判斷機制,主要係判斷待派送預警訊息的即時通訊用戶是否已上線;若該即時通訊用戶未上線,係依原訂排程對該即時通訊用戶名單派送預警訊息;若該即時通訊用戶已上線,係優先對其派送預警訊息。The method for dispatching an instant messaging fraud alert message according to claim 4, the sending of the foregoing alert message further includes the following steps: if it is determined to be a scheduled delivery period, the priority dispatching judgment mechanism is further executed, mainly determining that the early warning message is to be dispatched Whether the communication user has been online; if the instant messaging user is not online, an alert message is sent to the instant messaging user list according to the original scheduling; if the instant messaging user is online, the early warning message is sent. 如請求項4所述之即時通訊詐騙預警訊息派送方法,在派送預警訊息完成後,進一步判斷即時通訊是否回應訊息派送成功,若即時通訊回應訊息派送成功,則將該預警訊息派送的即時通訊用戶加入派送成功名單;若即時通訊未回應訊息派送成功,表示預警訊息派送失敗,則將該預警訊息派送的即時通訊用戶重新加入自動排程。The instant messaging fraud alert delivery method described in claim 4, after the completion of the dispatching of the alert message, further determining whether the instant messaging responds to the successful delivery of the message, and if the instant messaging response message is successfully delivered, the instant messaging user dispatched by the alert message Join the delivery success list; if the instant message does not respond to the message delivery success, indicating that the alert message delivery failed, the instant messaging user dispatched by the alert message is re-added to the automatic scheduling. 如請求項5所述之即時通訊詐騙預警訊息派送方法,在派送預警訊息完成後,進一步判斷即時通訊是否回應訊息派送成功,若即時通訊回應訊息派送成功,則將該預警訊息派送的即時通訊用戶加入派送成功名單;若即時通訊未回應訊息派送成功,表示預警訊息派送失敗,則將該預警訊息派送的即時通訊用戶重新加入自動排程。The method for dispatching an instant messaging fraud alert message according to claim 5, after the completion of the dispatching of the alert message, further determining whether the instant messaging responds to the successful delivery of the message, and if the instant messaging response message is successfully delivered, the instant messaging user dispatched by the alert message Join the delivery success list; if the instant message does not respond to the message delivery success, indicating that the alert message delivery failed, the instant messaging user dispatched by the alert message is re-added to the automatic scheduling. 如請求項3至7項中任一項所述之即時通訊詐騙預警訊息派送方法,前述互動狀態係指即時通訊用戶正透過即時通訊與機器人系統連線中及即時通訊用戶正透過即時通訊對機器人系統傳送訊息、即時通訊用戶正透過即時通訊與機器人系統連線中或即時通訊用戶正透過即時通訊對機器人系統傳送訊息。The method for dispatching an instant messaging fraud alert message according to any one of claims 3 to 7, wherein the interactive state means that the instant messaging user is connecting to the robot system through instant messaging and the instant messaging user is communicating to the robot through instant messaging. The system transmits messages, instant messaging users are connecting to the robot system via instant messaging or instant messaging users are transmitting messages to the robot system via instant messaging. 如請求項6或7所述之即時通訊詐騙預警訊息派送方法,當即時通訊回應訊息派送成功,進一步加入一要求輸入驗證碼的步驟,若即時通訊用戶輸入驗證碼,始加入派送成功名單;若未輸入驗證碼或輸入驗證碼不正確,即重新加入自動排程。The method for dispatching an instant messaging fraud alert message according to claim 6 or 7, when the instant messaging response message is successfully sent, further adding a step of requesting the input of the verification code, if the instant messaging user inputs the verification code, the joining success list is entered; If the verification code is not entered or the verification code is incorrect, re-join the automatic schedule. 如請求項8所述之即時通訊詐騙預警訊息派送方法,前述即時通訊係指MSN、SKYPE、「即時通」或QQ。The method for dispatching an instant messaging fraud alert message according to claim 8, wherein the instant messaging refers to MSN, SKYPE, "instant messaging" or QQ.
TW101101695A 2012-01-17 2012-01-17 Instant messaging fraud alarm system and alarm message delivery method TW201332314A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW101101695A TW201332314A (en) 2012-01-17 2012-01-17 Instant messaging fraud alarm system and alarm message delivery method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW101101695A TW201332314A (en) 2012-01-17 2012-01-17 Instant messaging fraud alarm system and alarm message delivery method

Publications (2)

Publication Number Publication Date
TW201332314A true TW201332314A (en) 2013-08-01
TWI462533B TWI462533B (en) 2014-11-21

Family

ID=49479170

Family Applications (1)

Application Number Title Priority Date Filing Date
TW101101695A TW201332314A (en) 2012-01-17 2012-01-17 Instant messaging fraud alarm system and alarm message delivery method

Country Status (1)

Country Link
TW (1) TW201332314A (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI333767B (en) * 2007-03-02 2010-11-21 Asustek Comp Inc Method and system for monitoring and controlling voice instant messaging
TW201106190A (en) * 2009-08-13 2011-02-16 Chunghwa Telecom Co Ltd Virus detection system and method of notifying detection of viruses for use in instant communication systems
TWM432099U (en) * 2012-01-17 2012-06-21 Adatech Inc Instant messaging fraud early warning system

Also Published As

Publication number Publication date
TWI462533B (en) 2014-11-21

Similar Documents

Publication Publication Date Title
AU2018206697B2 (en) Authentication of service requests initiated from a social networking site
US10492039B1 (en) State-based electronic message management systems and controllers
CN104618226B (en) A kind of information processing method, client and server
US20150039708A1 (en) Method and apparatus for processing a message
CN103890808A (en) Method for operating interactive messaging service providing reception confirmation
JP2006521635A5 (en)
CN101292237A (en) Determining the reputation of a sender of communications
US8954518B2 (en) Communication device
CN107734076A (en) Information push method, device and storage medium
CN108011805A (en) Method, apparatus, intermediate server and the car networking system of message screening
CN110971447A (en) Test information management method and device, electronic equipment and readable storage medium
CN104954227B (en) A kind of cross-platform information push method of preemptive type and server
CN1988531A (en) Method and system for managing network communication
TW201332314A (en) Instant messaging fraud alarm system and alarm message delivery method
CN113794620A (en) Message sending method, device, equipment, system and storage medium
TWM432099U (en) Instant messaging fraud early warning system
TWI525581B (en) Intelligent messaging method, apparatus and computer-readable storage device
CN112328407A (en) Message transmission system suitable for coordination of development and management tasks of spacecraft
US8539034B2 (en) System and method for bulk data messaging
JP2010134727A (en) Form processing system, reception terminal, center device and form processing method
TW432099B (en) Direct filling ink for an aqueous ballpoint pen
CN107609832B (en) Method and system for linking enterprise subsystems around communication system
EP3273704A1 (en) Stub network establishing method, device and system, and storage medium
EP1965547B1 (en) A computer implemented system and a method for detecting abuse of an electronic mail infrastructure in a computer network
JP2009187444A (en) Individual message management system, individual message management method and individual message display program

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees