Identifying phishing websites using DOM characteristics

Assignee

• RiskIQ, Inc. · US

Inventors

• Adam Hunt · El Cerrito, US
• David Pon · Sunnyvale, US
• Chris Kiernan · San Francisco, US
• Ben Adams · Cuyahoga Falls, US
• Jonas Edgeworth · San Francisco, US
• Elias Manousos · San Francisco, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1425
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Embodiments of the present invention are directed to identifying phishing websites by rendering and analyzing document object model (DOM) objects associated with a website for features that indicate phishing behavior. Embodiments analyze the full scope and functionality associated with a website by executing functions embedded in a DOM object before analyzing the website for phishing activity. Accordingly, embodiments render and analyze a fully executed DOM object for phishing behavior. Embodiments may then perform steps to mediate a website that is classified as performing phishing. Thus, embodiments are configured to (1) collect website information from a variety of websites and web servers connected to the internet, (2) analyze the collected data to determine whether the website information is performing phishing, and (3) mediate websites and other actors that are determined to be performing phishing based on the results of the phishing analysis.