Abstract: Various embodiments of the invention provide solutions (including inter alia, systems, methods and software) for dealing with online fraud. In particular, various embodiments of the invention provide enhanced responses to an identified instance of online fraud. Such enhanced responses can incorporate one or more of a variety of strategies for defeating an attempt by a server to filter and/or otherwise avoid responses to its fraudulent activity. Merely by way of example, responses may be disguised (e.g., by transmitting the responses from a variety of computers, by transmitting responses that appear to originate from a computer different than the actual source of the responses, etc.). In some cases, a response strategy may be implemented that forces the server (and/or an operator thereof) to choose between accepting the responses and blocking potential responses from the targets of the fraudulent scheme.

Abstract: Various embodiments of the invention provide solutions (including inter alia, systems, methods and software) for dealing with online fraud. In particular, various embodiments of the invention provide ways to incite unsolicited email messages (such as spam messages, phish messages, etc.). In accordance with some embodiments, a bait email address may be planted in a particular location on the Internet. In particular embodiments, the location of the planted email address may be tracked in order to determine which locations are relatively more likely to generate unsolicited email messages. In other embodiments, domains likely to host the bait email addresses receiving unsolicited messages may be obtained. In some cases, unsolicited messages may be analyzed and/or otherwise processed to determine whether the messages are possibly associated with a fraudulent activity. Such analysis may lead to the investigation of one or more web sites and/or to the initiation of a response against a fraudulent activity.

Abstract: Embodiments of the invention provide systems and methods for providing authentication of a web site. According to one embodiment, authenticating a web site can comprise receiving a request from a verifier to authenticate the web site. For example, the web site can be authenticated based on pre-stored registration information for the web site. Additionally or alternatively, authenticating the web site can be based on reputation information related to the web site. A secure link can be established with the verifier and results of authenticating the web site can be reported to the verifier via the secure link. Establishing a secure link with the verifier can comprise connecting with a secure reporting feature of a client application of the verifier.

Abstract: Embodiments of the invention provide systems and methods for providing authentication of a web site. According to one embodiment, preventing online fraud can comprise receiving a registration request associated with a web site. The registration request can include information identifying the web site. Registration information identifying the web site can be recorded in a registration data store the registration information. A determination can be made as to whether the information identifying the web site is valid. A request to authenticate the web site can be received from a verifier. The web site can be authenticated based on the registration information and results of authenticating the web site can be reported to the verifier in response to the request.

Abstract: Various embodiments of the invention provide solutions (including inter alia, systems, methods and software) for dealing with online fraud. In particular, various embodiments of the invention provide advanced responses to an identified instance of online fraud. Such advanced responses can incorporate one or more of a variety of strategies for defeating an attempt by a server to filter and/or otherwise avoid responses to its fraudulent activity. Merely by way of example, in accordance with some embodiments, one or more HTTP responses to a server's request (such as an online form, etc.) may be submitted and/or transmitted for reception by the server. In some cases, each of the submitted responses may appear to comprise valid information responsive to the server's request. In other cases, one or more countermeasures may be implemented to defeat an attempt by a phisher (or any other operator of an illegitimate server) to filter responses.

Abstract: Embodiments of the invention provide systems and methods for providing authentication of brand information used on a website. According to one embodiment, providing reputation based authentication of brand information can comprise collecting information related to each of a plurality of websites. The information can relate to use of brand information by the website. Information related to the website from the collected information can be correlated and scored based on the correlated data. According to another embodiment, reputation information related to the website can be requested from a reputation service. The reputation information can comprise a score indicating the relative authenticity of the brand information used by the website. The reputation information can be received from the reputation service and an indication of the authenticity of the brand information used by the website can be generated based on the score.

Abstract: Various embodiments of the invention provide solutions (including inter alia, systems, methods and software) for dealing with online fraud. In particular, various embodiments of the invention provide enhanced responses to an identified instance of online fraud. Such enhanced responses can incorporate one or more of a variety of strategies for defeating an attempt by a server to filter and/or otherwise avoid responses to its fraudulent activity. Merely by way of example, responses may be disguised (e.g., by transmitting the responses from a variety of computers, by transmitting responses that appear to originate from a computer different than the actual source of the responses, etc.). In accordance with various embodiments of the invention, a variety of responsive strategies may be implemented. Merely by way of example, a plurality of substantially simultaneous HTTP requests may be transmitted to a server engaged in fraud.

Abstract: Various embodiments of the invention provide systems and methods for the enhanced detection and/or prevention of fraud. A set of embodiments provides, for example, a facility where companies (online businesses, banks, ISPs, etc.) provide a security provider with fraud feeds (such as, to name one example, a feed of email messages from third parties addressed to customers of those businesses), as well as systems and methods of implementing such a facility. In some embodiments, feeds (such as messages) may be analyzed to create normalized direct and/or derived data which then may be made available to such companies (perhaps for a fee). By defining and controlling access to the direct and derived data, a security provider may enable such companies to negotiate bilateral and other agreements between themselves as to who they will exchange data with, what data will be exchanged, and under what commercial and other terms such data will be exchanged.

Abstract: Embodiments of the invention provide novel systems, software and methods for gathering information about online entities and for identifying, evaluating and scoring such entities. Merely by way of example, the trustworthiness of an online entity, such as a domain, can be evaluated based information known about other online entities (e.g., the owner of the domain, other domains) associated with that domain. In an aspect of the invention, for example, publicly-available data (and, in some cases, other data) can be obtained and correlated to reveal previously-unknown associations between various online entities, despite, in some cases, the attempts of those entities to obscure such associations. This can facilitate the evaluation of such entities. For instance, if a new domain is registered, there generally is little basis on which to evaluate the trustworthiness of that domain (other than facially-apparent characteristics, such as the domain name itself), since it has not yet begun operating.

Abstract: Embodiments of the present invention provide methods, systems, and software for implementing evaluating online entities and/or for providing a trust score for such entities. The trust score may provide an indication of the trustworthiness of the online entity. In some cases, data may be obtained from a variety of sources, and such data may be used to evaluate an online entity and/or to provide a score for the entity. In an aspect of the invention, a plurality of trust scores, each of which related to a behavioral characteristic and/or a category of activity, may be assigned to a particular entity. Such scores may be stored in one or more data stores and/or may be provided to others.

Abstract: Embodiments of the present invention provide methods, systems, and software for implementing trust policies. Such policies may be implemented in a variety of ways, including at one or more border devices, client computers, etc. In accordance with various embodiments, a communication between a client computer (and/or application) and an online entity may be monitored and/or otherwise detected. The online entity may be identified, and/or one or more trust scores associated with the online entity may be obtained. Based on the trust scores, as well, perhaps as the nature of the communication, an action (such as allowing the communication, blocking the communication, quarantining the communication, warning a user, administrator, etc.) may be taken. In some cases, a trust policy may be consulted to determine what action should be taken with respect to a given communication.

Abstract: Embodiments of the present invention provide methods, systems, software for providing, distributing and/or using trust scores for online entities. In accordance with various embodiments, one or more trust score servers may be configured to provide trust scores, perhaps in response to a request (e.g., from another trust scores server, from a client, from a border device, etc.). In other embodiments, a computer (e.g., a border device, a client, etc.) may maintain a local cache of trust scores. In some cases, a computer may request a trust score for a particular online entity in response to receiving, detecting and/or attempting to transmit a communication with that online entity.

Abstract: Various embodiments of the invention provide solutions (including inter alia, systems, methods and software) for dealing with online fraud. In particular, various embodiments of the invention can provide early warning of an online fraud, for instance by finding suspicious domains and/or monitoring those domains for activity. If a suspicious domain shows activity (for example, if a web site associated with the domain becomes active), one or more actions may be taken with respect to the domain.

Abstract: Various embodiments of the invention provide methods, systems and software for analyzing data. In particular embodiments, for example, a set of data about a web site may be analyzed to determine whether the web site is likely to be illegitimate (e.g., to be involved in a fraudulent scheme, such as a phishing scheme, the sale of gray market goods, etc.). In an exemplary embodiment, a set of data may be divided into a plurality of components (each of which, in some cases, may be considered a separate data set). Merely by way of example, a set of data may comprise data gathered from a plurality of data sources, and/or each component may comprise data gathered from one of the plurality of data sources. As another example, a set of data may comprise a document with a plurality of sections, and each component may comprise one of the plurality of sections.