Method and system for tracking fraudulent activity

摘要

A method and system for tracking potentially fraudulent activities associated with one or more web sites is disclosed. The system includes a fraud tracking server connected to a fraud tracking database. The fraud tracking server includes a communications module to facilitate the exchange of data between the server and multiple client devices. The fraud tracking server receives data from one or more client devices that identifies a potential spoof site. The fraud tracking server also includes control logic to generate a spoof site tracking record in the fraud tracking database. The spoof site tracking record includes the data identifying the potential spoof site. After the spoof site tracking record has been created, the fraud tracking server notifies an administrator of the potential spoof site by communicating the data received and stored in the fraud tracking database to an administrator.

主权项

1. A system for tracking potentially fraudulent activity, the system including:
a fraud tracking database; and a fraud tracking server connected to the fraud tracking database, the fraud tracking server including:
a memory;a processor coupled to the memory;a communications module to receive data identifying a potential spoof site; anda controller module including:
a URL analyzer to determine whether the data identifying the potential spoof site is associated with a previously identified spoof site for which a spoof site tracking record already exists,a database management module to generate a spoof site tracking record in the fraud tracking database, if the potential spoof site is not associated with a previously identified spoof site for which a spoof site tracking record already exists, the spoof site tracking record including the data identifying the potential spoof site, the controller module further to cause the communications module to notify an administrator of the potential spoof site,a spoof page fingerprinting analyzer to assign a spoof page identifier to a document associated with an actual spoof site based on unique characteristics of the document, wherein source code and a screen shot of the document associated with the actual spoof site are automatically downloaded to update the spoof site tracking record, and wherein the spoof page identifier is used by the spoof page fingerprinting analyzer to compare with a second spoof page identifier of a new document to identify a source of the new document, anda spoof site monitoring module to automatically monitor the actual spoof site to determine whether the actual spoof site is still active by periodically attempting to access the document associated with the actual spoof site, and to update the spoof site tracking record to include data obtained during the automatic monitoring of the actual spoof site by adding to the spoof site tracking record data indicating the date and time of the last attempt to access the document and data indicating whether or not the document was accessible.