Abstract: Various embodiments of the invention provide solutions, including systems, methods and software, for dealing with unethical uses of electronic mail, and in particular, with attempts to use email messages to facilitate online fraud. Some embodiments function to gather a set of at least one incoming email message, analyze that incoming message, categorize the message as a categorize the incoming email message as a fraudulent email message. Other embodiments can investigate the uniform resource locator included with the incoming email message to determine information about a server hosting the web site referenced by the uniform resource locator and pursue a response to a fraudulent attempt to collect personal information. In some cases, responses may be administrative and/or technical in nature.

Abstract: Various embodiments of the invention provide solutions (including inter alia, systems, methods and software) for dealing with online fraud. In particular, various embodiments of the invention provide ways to incite unsolicited email messages (such as spam messages, phish messages, etc.). In accordance with some embodiments, a bait email address may be planted in a particular location on the Internet. In particular embodiments, the location of the planted email address may be tracked in order to determine which locations are relatively more likely to generate unsolicited email messages. In other embodiments, domains likely to host the bait email addresses receiving unsolicited messages may be obtained. In some cases, unsolicited messages may be analyzed and/or otherwise processed to determine whether the messages are possibly associated with a fraudulent activity. Such analysis may lead to the investigation of one or more web sites and/or to the initiation of a response against a fraudulent activity.

Abstract: Solutions (including inter alia, systems, methods and software) for dealing with online fraud. Certain of these solutions provide enhanced responses to an identified instance of online fraud. Such enhanced responses can incorporate one or more of a variety of strategies for defeating an attempt by a server to filter and/or otherwise avoid responses to its fraudulent activity. Merely by way of example, responses may be disguised (e.g., by transmitting the responses from a variety of computers, by transmitting responses that appear to originate from a computer different than the actual source of the responses, etc.). In some cases, a response strategy may be implemented that forces the server (and/or an operator thereof) to choose between accepting the responses and blocking potential responses from the targets of the fraudulent scheme.

Abstract: Tools for analyzing images are disclosed. In some cases, the images are analyzed in order to determine whether a particular web site and/or email message is part of an illegitimate online activity. In an aspect, an image analysis process comprises comparing a suspect image with one or more elements of interest (which can include images, words, etc.) by generating fingerprints characterizing the suspect image and the elements of interest, to allow for a quantitative comparison.

Abstract: Various embodiments of the invention provide solutions (including inter alia, systems, methods and software) for dealing with online fraud. In particular, various embodiments of the invention provide advanced responses to an identified instance of online fraud. Such advanced responses can incorporate one or more of a variety of strategies for defeating an attempt by a server to filter and/or otherwise avoid responses to its fraudulent activity. Merely by way of example, in accordance with some embodiments, one or more HTTP responses to a server's request (such as an online form, etc.) may be submitted and/or transmitted for reception by the server. In some cases, each of the submitted responses may appear to comprise valid information responsive to the server's request. In other cases, one or more countermeasures may be implemented to defeat an attempt by a phisher (or any other operator of an illegitimate server) to filter responses.

Abstract: Various embodiments of the invention provide solutions (including inter alia, systems, methods and software) for dealing with online fraud. In particular, various embodiments of the invention can provide early warning of an online fraud, for instance by finding suspicious domains and/or monitoring those domains for activity. If a suspicious domain shows activity (for example, if a web site associated with the domain becomes active), one or more actions may be taken with respect to the domain.

Abstract: Embodiments of the invention provide systems and methods for validating ownership of a domain name. According to one embodiment, a validating ownership of a domain name can comprise retrieving one or more domain name ownership records. For example, the one or more domain name ownership records comprise Who Is records. Validity of the one or more domain name records can be confirmed with a designated domain manager. According to one embodiment, confirming validity of the one or more domain name records with the designated domain manager can comprise authenticating the designated domain manager based on a certificate provided by the designated domain manager.

Abstract: The present invention, in one set of embodiments, provides methods, systems and software that may be used to generate and manage enforcement actions against domains that are potentially and/or actually infringing rights of a user. Merely by way of example, some embodiments provide methods for identifying one or more domain names potentially subject to enforcement activity by a user. According to further embodiments, methods are provided for obtaining domain information regarding potential and/or actual infringing domains for a user. In certain embodiments, the present invention provides methods for analyzing domain information concerning potential and/or actual infringing domains and generating one or more enforcement messages for sending to one or more parties associated with the potentially and/or actually infringing domain names.

Abstract: Embodiments of the invention provide systems and methods for validating ownership of a domain name. According to one embodiment, a validating ownership of a domain name can comprise retrieving one or more domain name ownership records. For example, the one or more domain name ownership records comprise Who Is records. Validity of the one or more domain name records can be confirmed with a designated domain manager. According to one embodiment, confirming validity of the one or more domain name records with the designated domain manager can comprise authenticating the designated domain manager based on a certificate provided by the designated domain manager.

Abstract: Tools and techniques for identifying brand misuse and/or for distributing information about such misuse. Certain of the tools and techniques can be used to determine that a set of online content (e.g., a web site, web page, or portion thereof) is untrustworthy (for example, because that set of online content misuses a brand) and generate a brand notification feed indicating the untrustworthiness of the set of online content. This brand notification feed might be distributed to a security vendor, who can incorporate information from the brand notification feed into the information it provides to clients.

Abstract: Various embodiments of the invention provide methods, systems and software for analyzing data. In particular embodiments, for example, a set of data about a web site may be analyzed to determine whether the web site is likely to be illegitimate (e.g., to be involved in a fraudulent scheme, such as a phishing scheme, the sale of gray market goods, etc.). In an exemplary embodiment, a set of data may be divided into a plurality of components (each of which, in some cases, may be considered a separate data set). Merely by way of example, a set of data may comprise data gathered from a plurality of data sources, and/or each component may comprise data gathered from one of the plurality of data sources. As another example, a set of data may comprise a document with a plurality of sections, and each component may comprise one of the plurality of sections.

Abstract: Embodiments of the invention provide systems and methods for validating ownership of a domain name. According to one embodiment, a validating ownership of a domain name can comprise retrieving one or more domain name ownership records. For example, the one or more domain name ownership records comprise Who Is records. Validity of the one or more domain name records can be confirmed with a designated domain manager. According to one embodiment, confirming validity of the one or more domain name records with the designated domain manager can comprise authenticating the designated domain manager based on a certificate provided by the designated domain manager.

Abstract: Various embodiments of the invention provide methods, systems and software for analyzing data. In particular embodiments, for example, a set of data about a web site may be analyzed to determine whether the web site is likely to be illegitimate (e.g., to be involved in a fraudulent scheme, such as a phishing scheme, the sale of gray market goods, etc.). In an exemplary embodiment, a set of data may be divided into a plurality of components (each of which, in some cases, may be considered a separate data set). Merely by way of example, a set of data may comprise data gathered from a plurality of data sources, and/or each component may comprise data gathered from one of the plurality of data sources. As another example, a set of data may comprise a document with a plurality of sections, and each component may comprise one of the plurality of sections.

Abstract: Embodiments of the invention provide systems and methods for preventing online fraud. According to one embodiment, a method for providing an indication of the legitimacy of a web page can comprise receiving the web page. A determination can be made as to whether the web page is legitimate based, for example, on a reputation of the web page. In response to determining the web page is legitimate, at least one positive indicator can be displayed on a browser window for displaying the web page. This positive indicator can be user-selected such that the user can be confident that the browser or computer-based software knows the identity of the current user. According to one embodiment, the indication can be displayed on a portion of the browser window or the desktop portion of the user's computer that is not accessible to code of the web page.

Abstract: A system for searching and reporting an incidence of at least one trademark, tradename, celebrity name, and/or famous name on the Internet, which includes a computer system having a connection to the Internet, and a software program executing on the computer system. The software program is adapted to receive an input of at least one trademark, tradename, celebrity name, and famous name to be searched. The software program then creates a search string including at least one trademark, tradename, celebrity name, and famous name. The software program also receives a URL address of a Web page on the Internet to be searched. The software program accesses and searches the Web page for hits corresponding to the search string, and then provides the search results of identified hits within the Web page.

Abstract: A system for searching and reporting an incidence of at least one trademark, tradename, celebrity name, and/or famous name on the Internet, which includes a computer system having a connection to the Internet, and a software program executing on the computer system. The software program is adapted to receive an input of at least one trademark, tradename, celebrity name, and famous name to be searched. The software program then creates a search string including at least one trademark, tradename, celebrity name, and famous name. The software program also receives a URL address of a Web page on the Internet to be searched. The software program accesses and searches the Web page for hits corresponding to the search string, and then provides the search results of identified hits within the Web page.

Abstract: Embodiments of the invention provide systems and methods for validating ownership of a domain name. According to one embodiment, a validating ownership of a domain name can comprise retrieving one or more domain name ownership records. For example, the one or more domain name ownership records comprise Who Is records. Validity of the one or more domain name records can be confirmed with a designated domain manager. According to one embodiment, confirming validity of the one or more domain name records with the designated domain manager can comprise authenticating the designated domain manager based on a certificate provided by the designated domain manager.

Abstract: Tools for analyzing images are disclosed. In some cases, the images are analyzed in order to determine whether a particular web site and/or email message is part of an illegitimate online activity. In an aspect, an image analysis process comprises comparing a suspect image with one or more elements of interest (which can include images, words, etc.) by generating fingerprints characterizing the suspect image and the elements of interest, to allow for a quantitative comparison.

Abstract: Various embodiments of the invention provide solutions (including inter alia, systems, methods and software) for dealing with online fraud. Some embodiments function to access and/or obtain information from (and/or receive data from) a data source; the data might, for example, indicate a possible instance of online fraud. Certain embodiments, therefore, can be configured to analyze the data, e.g., to determine whether the data indicate a likely instance of online fraud. Such instances may be further investigated, and/or a response may be initiated. Data sources can include, without limitation, web pages, email messages, online chat sessions, domain zone files, newsgroups (and/or postings thereto), etc. Data obtained from the data sources can include, without limitation, suspect domain registrations, uniform resource locators, references to trademarks, advertisements, etc.

Abstract: Various embodiments of the invention provide devices, methods, systems and software for detecting, analyzing and/or responding to a fraudulent activity. In particular embodiments, an email message incoming to an organization may be analyzed to determine whether such messages are returned messages, which might indicate a delivery failure of an original message. Because the returned message is received by the organization, it may be likely that the original message purported to originate from the organization. If the original message did not in fact originate from the organization, that fact might indicate that the original message is part of a fraudulent activity. In such case, the fraudulent activity might be investigated, and/or a response to the fraudulent activity may be imitated and/or undertaken.