Abstract: The disclosed computer-implemented method for identifying security threats in smart contract-based services to protect against malicious attacks utilizing off-blockchain resources may include (i) identifying a reference associated with a transaction on a smart contract-based platform, (ii) detecting content describing one or more smart contracts associated with the reference on the platform, (iii) extracting an identifier from the content to locate off-blockchain resources utilized by the smart contracts, (iv) determining potential security threats associated with the off-blockchain resources, and (v) performing a security action that protects against the potential security threats. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The behavior of browser extensions when installed and operating in a browser environment is monitored, such as by observing changes to a web page with and without the browser extensions installed. Document Object Model (DOM) changes to the web page, such as scripts that only run when an extension is installed, or other web content that changes as a result of differences in a web page with and without the browser extension installed are observed. These differences may be attributed to the browser extension, and the changed or added elements may be inspected for malicious content or behavior. If malicious behavior is found in the different content, the content and/or the browser extension may be flagged as malicious behavior and a signature used to identify the malicious browser extension in future applications.

Abstract: The disclosed computer-implemented method for enforcing strict network connectivity and storage access during online payments may include (i) determining that a webpage in a tab of a browser application executing on the computing device includes a payment page for an e-commerce website, (ii) based on determining that the webpage includes a payment page, providing formjacking attack protection by monitoring network connectivity and storage access by the browser tab, (iii) based on the formjacking attack protection, identifying a potentially malicious attempt to hijack information entered into at least one web form included in the payment page, and (iv) in response to identifying the potentially malicious attempt, preventing the potentially malicious attempt from hijacking the information entered into the at least one web form included in the payment page. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Methods and systems for protecting against harm caused by malicious websites are disclosed. Exemplary embodiments of the present disclosure may protect against harm caused by malicious websites by identifying malicious websites more accurately and reliably. In particular, some embodiments of the present disclosure may receive first resource data from a first web page on a website that is accessed by a first user and second resource data from a second web page on the website that is accessed by a second user. This resource data may be correlated and analyzed. Based on this analysis, a determination may be made that the website is malicious and a security action can be performed.

Abstract: Methods for protecting against malicious websites using repetitive data signatures are disclosed. Some embodiments may identify known malicious websites and known safe websites. A first dataset containing data from one or more artifacts within the known malicious websites and a second dataset containing data from the one or more artifacts within the known safe websites may be created. One or more signatures may be identified from the first dataset. A first frequency of signature repetition within the first dataset and a second frequency of signature repetition within the second dataset may be determined. A level of confidence may be determined based on the frequencies. If a rule establishment threshold for confidence is met or exceeded, a rule may be established that websites containing the one or more signatures are malicious. The rule may be applied to identify a new malicious website. A security action may also be performed.

Abstract: The disclosed computer-implemented method for protecting user data privacy against web tracking on Wi-Fi captive portals may include (i) detecting telemetry data generated from establishing a connection with a network access device associated with a captive portal, (ii) determining, based on the telemetry data, a target set of domains associated with a service set identifier assigned to the network access device, (iii) analyzing web tracking behavior data associated with the target set of domains to identify web trackers on the captive portal for a dataset of potential users, (iv) calculating a privacy risk score associated with the web trackers on the captive portal, and (v) performing a security action that protects against a potential invasion of user data privacy by presenting a privacy risk score notification associated with the web trackers on the captive portal. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for dynamically generating fingerprint signatures may include (i) detecting data associated with fingerprinting functions called in a target web page, (ii) associating, based on the data, fingerprints generated by the fingerprinting functions with a corresponding action, (ii) identifying, based on the data, callee information associated with each of the fingerprinting functions, and (iv) performing a security action that protects against malicious activity by calculating a cryptographic hash of a list including the fingerprinting functions and the corresponding actions to generate a fingerprint signature for the target web page. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for automatically identifying server-side tracking on websites may include collecting, by at least one processor, tracker parameters requested by websites. The method may additionally include inferring, by the at least one processor based on the collected tracker parameters, event forwarding by detecting two or more of the websites that request a similar set of the tracker parameters. The method may also include comparing, by the at least one processor, content of the two or more of the websites. The method may further include performing, by the at least one processor, a security action in response to the comparison. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An electronic tracking protection system and method enable receiving a particular electronic message, detecting in the particular electronic message a link including a particular uniform resource locator (“URL”) including a parameter including a value. A uniqueness of the value is determined and the parameter is removed from the particular URL based on the uniqueness of the value to generate a modified URL. The particular URL is replaced with the modified URL in the particular electronic message based on the uniqueness of the value to generate a modified electronic message.

Abstract: Systems and methods for detecting fraudulent e-commerce websites by identifying fake review systems are disclosed. In particular, some embodiments may identify an e-commerce website and download content contained on one or more product web pages of the e-commerce website. These web pages may be analyzed to identify a product review feature that is within the one or more product web pages. Attributes of the product review feature may then be evaluated to determine that the e-commerce website is fraudulent and a security action may be performed to protect consumers from the e-commerce website.

Abstract: Distinguishing between functional tracking domains and nonfunctional tracking domains on a host web page. In particular, a list of known tracking domains that load content into host web pages may be received. This list of tracking domains may include tracking domains that are functional and tracking domains that are nonfunctional. The tracking domains that are functional may be determined by evaluating various behaviors and characteristics of the tracking domains. Once functional tracking domains have been determined, these functional tracking domains may be allowed, and other tracking domains may be blocked from loading content onto host web pages thereby preserving the functionality of the web pages.

Abstract: The disclosed computer-implemented method for protecting user data privacy by detecting the extension of tracker coverage of website browsing sessions through indirect data disclosure may include (i) navigating to an origin website during a new web browsing session, (ii) analyzing the origin website to detect clickable elements and tracking domains, (iii) identifying webpage navigation information for destination websites and resources loaded by the tracking domains, (iv) grouping the webpage navigation information for the destination websites by a common destination tracking domain, (v) determining web trackers extending a tracker coverage from the origin website to the destination websites, and (vi) performing a security action that protects against a potential invasion of user data privacy by providing a notification of the extended tracker coverage during a browsing session in the origin website. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for dynamically classifying browser fingerprinting into user tracking and cloaking may include identifying, by a computing device, one or more website scripts as one or more candidates for cloaking based on function hooking and execution attribution. The method may additionally include identifying, in response to the identification of the one or more candidates for cloaking, at least one of the candidates for cloaking that lacks a direct connection to fingerprinting based on the function hooking and the execution attribution. The method may also include classifying, in response to the identification of the at least one of the candidates for cloaking that lacks a direct connection to fingerprinting, the at least one of the candidates for cloaking based on a hierarchical analysis. The method may further include performing a security action based on the classification. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Protecting against a tracking parameter in a web link. In one embodiment, a method may include receiving an input URL during a browser navigation session on a user device, the input URL including parameters, determining that the parameters include a tracking parameter, pausing the browser navigation session on the user device, launching the input URL in a headless browser that operates in an isolated environment that simulates one or more features of the user device, landing on a destination web page in the isolated environment, identifying a URL of the destination web page as a destination URL, and resuming the browser navigation session on the user device by replacing the input URL, which includes the tracking parameter, with the destination URL, which does not include the tracking parameter, in order to protect the user device from the tracking parameter.

Abstract: The disclosed computer-implemented method for dynamic data protection may include intercepting a submit request for sensitive data to a destination, inserting dummy data into the intercepted submit request. The method may also include determining whether the destination is a trusted destination and when the destination is determined to be the trusted destination, replacing the dummy data with real data to complete the submit request to the destination, wherein the real data was previously collected isolated from the submit request. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for protecting user data privacy against the use of fake first-party domains by hidden web trackers may include (i) identifying a group of subdomains associated with one or more websites, (ii) comparing an Internet Protocol (IP) address range for each of the subdomains, (iii) determining, based on the comparison, that an IP address range for a target subdomain is potentially utilized by a hidden web tracker as a fake first-party subdomain in the websites, (iv) detecting similarities between any scripts loaded by websites associated with the target subdomain and any functions performed by the scripts, and (v) perform a security action that protects against utilizing fake domains for evading web browser tracking protection by identifying the target subdomain as the fake first-party subdomain based on the detected similarities. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems and methods for protecting against an estimated level of online tracking are disclosed. In one embodiment, a method may include collecting data relating to a plurality of known users. This first data may include browser histories and a level of online tracking for each known user. The known users may be organized into clusters and second data relating to an unknown user may be received. The second data may include an identification of one or more categories of websites that the unknown user visits, and one or more websites within each of the one or more categories of websites that the unknown user visits. A matching cluster for the unknown user may be identified and levels of online tracking for similar known users within the matching cluster may be used to estimate a level of online tracking for the unknown user.

Abstract: Preserving web page functionality through dynamic analysis of host web pages. Web pages accessed by a user device may be monitored. The web browser may apply a blocking policy that blocks an external domain from loading functional content into the web page, which results in a breakage in the web page. The breakage in the web page may be identified through a dynamic analysis of the web page and correlated with the functional content from the blocked external domain. Once identified and correlated, the blocking policy may be modified to allow the external domain to load the functional content and reloading the web page.

Abstract: Distinguishing between functional tracking domains and nonfunctional tracking domains on a host web page. In particular, a list of known tracking domains that load content into host web pages may be received. This list of tracking domains may include tracking domains that are functional and tracking domains that are nonfunctional. The tracking domains that are functional may be determined by evaluating various behaviors and characteristics of the tracking domains. Once functional tracking domains have been determined, these functional tracking domains may be allowed, and other tracking domains may be blocked from loading content onto host web pages thereby preserving the functionality of the web pages.

Abstract: The disclosed computer-implemented method for dynamic formjacking protection may include identifying a sensitive data input field element on a webform loaded in a browser, creating a secure isolated container overlaid on the identified sensitive data input field element, and collecting, via the secure isolated container, real input data intended for the sensitive data input field element. The method may also include inserting dummy data into the sensitive data input field element and intercepting a form submit request from the webform to a destination. The method may further include determining whether the destination is a trusted destination, and when the destination is determined to be the trusted destination, modifying the form submit request to allow the real input data to be sent to the trusted destination. The method may also include sending the form submit request to the destination. Various other methods, systems, and computer-readable media are also disclosed.