DETECTING AND PREVENTING PHISHING ATTACKS

摘要

Embodiments are directed to detecting and preventing phishing attacks. In one scenario, a computer system accesses a message and analyzes content in the message to determine whether a link is present. The link has a link destination and at least some text that is designated for display in association with the link (i.e. the anchor), where the text designated for display indicates a specified destination. Then, upon determining that a link is present in the message, the computer system determines whether the link destination matches the destination specified by the text designated for display and, if it determines that the destination specified by the text designated for display does not match the link destination, the computer system flags the message to indicate that the message includes at least one suspicious link.

主权项

1. A computer system comprising the following:
one or more processors; one or more computer-readable storage media having stored thereon computer-executable instructions that, when executed by the one or more processors, cause the computing system to perform a method for detecting and preventing a phishing attack, the method comprising the following:
an act of accessing at least one message;an act of analyzing content in the message to determine whether a link is present, the link having a link destination and at least a portion of text that is designated for display in association with the link, the text designated for display indicating a specified destination;upon determining that at least one link is present in the message, an act of determining whether the link destination matches the destination specified by the text designated for display; andupon determining that the destination specified by the text designated for display does not match the link destination, an act of flagging the message to indicate that the message includes at least one suspicious link.