Abstract: A computer-implemented method of generating an augmented electronic text document comprises establishing a directed multigraph where each vertex is associated with a separate language and is connected to at least one other one of the vertices by an oriented edge indicative of a machine translation engine's ability to translate between languages associated with the vertices connected by the oriented edge with acceptable performance. The directed multigraph is then traversed starting at a predetermined origin vertex associated with an original language of the original electronic text document by randomly selecting an adjacent vertex pointed to by an oriented edge connected to the predetermined origin vertex and causing a machine translation engine to translate the original electronic text document from the original language to a language associated with the selected vertex.

Abstract: A computer-implemented method of detecting an email spoofing and spear phishing attack may comprise generating a contact model of a sender of emails; determining, by a hardware processor, a statistical dispersion of the generated contact model that is indicative of a spread of a distribution of data in the generated model and receiving, over a computer network, an email from the sender.

Abstract: A computer-implemented method of generating an augmented electronic text document comprises establishing a directed multigraph where each vertex is associated with a separate language and is connected to at least one other one of the vertices by an oriented edge indicative of a machine translation engine's ability to translate between languages associated with the vertices connected by the oriented edge with acceptable performance. The directed multigraph is then traversed starting at a predetermined origin vertex associated with an original language of the original electronic text document by randomly selecting an adjacent vertex pointed to by an oriented edge connected to the predetermined origin vertex and causing a machine translation engine to translate the original electronic text document from the original language to a language associated with the selected vertex.

Abstract: A computer-implemented method of preventing leakage of user credentials to phishing websites may comprise capturing user credentials input to website; updating a stored list of trusted website credentials upon determining that the domain of the URL of the website is present in a stored list of trusted websites; generating a hash of the captured user credentials; determining whether the hashed user credentials matches one of the hashed user credentials in the list of trusted website credentials; and when a match is found, requesting input whether the website is trusted or whether the website is unknown and/or untrusted; sending the URL to a remote computer server when the input indicates that the website is unknown and/or untrusted and disallowing submission of the user credentials to the website; adding the domain of the URL to the stored list of trusted websites, adding the generated hash of the captured user credentials to a stored list of trusted website credentials and allowing submission of the user cred

Abstract: A computer-implemented method of unsubscribing a recipient of an electronic message may comprise identifying and extracting an unsubscribe Universal Resource Indicator (URI) from the electronic message and carrying out a dynamic unsubscribe scenario if the extracted unsubscribe URI matches a known unsubscribe URI. The dynamic unsubscribe scenario may comprise instructions that are selectively executed depending on contents of a single unsubscribe form in a webpage pointed to by the extracted unsubscribe URI. These instructions may comprise finding and filling in a single input field in the webpage that is relevant to unsubscribing with an electronic address of the recipient or finding and updating a user interface element that is relevant to unsubscribing. The single unsubscribe form with the filled in single relevant input field or updated user interface element may then be submitted and a determination may be made whether an unsubscribe confirmation message was generated.

Abstract: A computer-implemented method of preventing leakage of user credentials to phishing websites may comprise capturing user credentials input to website; updating a stored list of trusted website credentials upon determining that the domain of the URL of the website is present in a stored list of trusted websites; generating a hash of the captured user credentials; determining whether the hashed user credentials matches one of the hashed user credentials in the list of trusted website credentials; and when a match is found, requesting input whether the website is trusted or whether the website is unknown and/or untrusted; sending the URL to a remote computer server when the input indicates that the website is unknown and/or untrusted and disallowing submission of the user credentials to the website; adding the domain of the URL to the stored list of trusted websites, adding the generated hash of the captured user credentials to a stored list of trusted website credentials and allowing submission of the user cred

Abstract: A computer-implemented method may comprise receiving an electronic message (such as a legitimate email or malicious phishing email, for example) over a computer network, the electronic message containing a uniform resource locator (URL). The URL in the received electronic message may be parsed and one or more original parameter may be identified therein. The type of the identified original parameter(s) may be determined. The identified original parameter(s) may then be transformed according to a parameter transformation rules, selected according to the determined type. to generate transformed parameter(s). The URL may then be reassembled by substituting the transformed parameter(s) for the original parameter(s). The website pointed to by the reassembled URL may then be accessed, over the computer network, using the transformed parameter(s) only if the reassembled URL meets a predetermined minimum criterion.

Abstract: A computer-implemented method of detecting an email spoofing and spear phishing attack may comprise generating a contact model of a sender of emails; determining, by a hardware processor, a statistical dispersion of the generated contact model that is indicative of a spread of a distribution of data in the generated model and receiving, over a computer network, an email from the sender.

Abstract: A computer-implemented method of unsubscribing a recipient of an electronic message may comprise identifying and extracting an unsubscribe Universal Resource Indicator (URI) from the electronic message and carrying out a dynamic unsubscribe scenario if the extracted unsubscribe URI matches a known unsubscribe URI. The dynamic unsubscribe scenario may comprise instructions that are selectively executed depending on contents of a single unsubscribe form in a webpage pointed to by the extracted unsubscribe URI. These instructions may comprise finding and filling in a single input field in the webpage that is relevant to unsubscribing with an electronic address of the recipient or finding and updating a user interface element that is relevant to unsubscribing. The single unsubscribe form with the filled in single relevant input field or updated user interface element may then be submitted and a determination may be made whether an unsubscribe confirmation message was generated.

Abstract: A computer-implemented method of unsubscribing a recipient of an electronic message may comprise identifying and extracting an unsubscribe Universal Resource Indicator (URI) from the electronic message and carrying out a dynamic unsubscribe scenario if the extracted unsubscribe URI does not match a known unsubscribe URI pattern. The dynamic unsubscribe scenario may comprise instructions that are selectively executed depending on contents of a single unsubscribe form in a webpage pointed to by the extracted unsubscribe URI. These instructions may comprise finding and filling in a single input field in the webpage that is relevant to unsubscribing with an electronic address of the recipient or finding and updating a user interface element that is relevant to unsubscribing. The single unsubscribe form with the filled in single relevant input field or updated user interface element may then be submitted and a determination may be made whether an unsubscribe confirmation message was generated.

Abstract: A computer-implemented method of preventing leakage of user credentials to phishing websites may comprise capturing user credentials input to website; updating a stored list of trusted website credentials upon determining that the domain of the URL of the website is present in a stored list of trusted websites; generating a hash of the captured user credentials; determining whether the hashed user credentials matches one of the hashed user credentials in the list of trusted website credentials; and when a match is found, requesting input whether the website is trusted or whether the website is unknown and/or untrusted; sending the URL to a remote computer server when the input indicates that the website is unknown and/or untrusted and disallowing submission of the user credentials to the website; adding the domain of the URL to the stored list of trusted websites, adding the generated hash of the captured user credentials to a stored list of trusted website credentials and allowing submission of the user cred

Abstract: A computer-implemented method may comprise receiving an electronic message (such as a legitimate email or malicious phishing email, for example) over a computer network, the electronic message containing a uniform resource locator (URL). The URL in the received electronic message may be parsed and one or more original parameter may be identified therein. The type of the identified original parameter(s) may be determined. The identified original parameter(s) may then be transformed according to a parameter transformation rules, selected according to the determined type. to generate transformed parameter(s). The URL may then be reassembled by substituting the transformed parameter(s) for the original parameter(s). The website pointed to by the reassembled URL may then be accessed, over the computer network, using the transformed parameter(s) only if the reassembled URL meets a predetermined minimum criterion.

Abstract: A computer-implemented method of detecting an email spoofing and spear phishing attack may comprise generating a contact model of a sender of emails; determining, by a hardware processor, a statistical dispersion of the generated contact model that is indicative of a spread of a distribution of data in the generated model and receiving, over a computer network, an email from the sender.

Abstract: A method of determining a probability that a received email comprises a phishing attempt may comprise analyzing a link therein to determine whether the link comprises a phishing attempt. This determination may comprise comparing features of the link with records stored in a remote database to determine whether the link comprises a phishing attempt. It may be determined that the link comprises a phishing attempt if there is a match. If the compared features do not match the records stored in the remote database, a multi-dimensional input vector may be built from features of the link, which input vector may then be input into a phishing probability engine. The probability that the link comprises a phishing attempt may be computed by the phishing probability engine. Thereafter, the received email may be acted upon according to the computed probability that the link comprises a phishing attempt.

Abstract: A computer-implemented method may comprise receiving, over a computer network, an email comprising a link to a fraudulent website of a counterfeited brand, the fraudulent website comprising at least one login page that comprises at least one field configured to accept user credentials; determining constraints on the user credentials that must be satisfied for the user credentials to be accepted by the fraudulent website when input into the at least one field; randomly generating at least some marker elements that satisfy the determined constraints; using the randomly-generated marker elements, generating fake user credentials that satisfy the determined constraints; assembling the generated fake user credentials into a marker that is specific to the counterfeited brand and to the fraudulent website; programmatically inputting the generated fake user credentials into the at least one field of the at least one login page of the fraudulent website; and publishing the marker injected into the fraudulent website t

Abstract: A computer-implemented method may comprise receiving an electronic message (such as a legitimate email or malicious phishing email, for example) over a computer network, the electronic message containing a uniform resource locator (URL). The URL in the received electronic message may be parsed and one or more original parameter may be identified therein. The type of the identified original parameter(s) may be determined. The identified original parameter(s) may then be transformed according to a parameter transformation rules, selected according to the determined type. to generate transformed parameter(s). The URL may then be reassembled by substituting the transformed parameter(s) for the original parameter(s). The website pointed to by the reassembled URL may then be accessed, over the computer network, using the transformed parameter(s) only if the reassembled URL meets a predetermined minimum criterion.

Abstract: A list of known addresses of electronic messages may be maintained, as may be a list of known display names of electronic messages. A list of blacklisted email addresses, which are always assumed to be fraudulent or malicious, may also be maintained. For each electronic message received by a user, it may be determined whether the address or display name looks suspicious; that is, whether the received email appears to impersonate a known email address or a known display name. The user may be warned if a received electronic message is determined to be or may likely be or contain an illegitimate or spoofed address or display name.

Abstract: A computer-implemented method may comprise receiving an electronic message from a purported known sender; accessing a database of known senders and determining whether the sender matches one of the known senders. The degree of similarity of the sender to at least one of the known senders may then be quantified. The received message may then be determined to be legitimate when the purported known sender is determined to match one of the known senders. The received electronic message may be flagged as being suspect when the purported known sender does not match one of the plurality of known senders and the quantified degree of similarity of the purported known sender to one of the known senders is greater than a threshold value. A perceptible cue may then be generated when the received message has been flagged as being suspect, to alert the recipient that the flagged message is likely illegitimate.

Abstract: A method of determining a probability that a received email comprises a phishing attempt may comprise analyzing a link therein to determine whether the link comprises a phishing attempt. This determination may comprise comparing features of the link with records stored in a remote database to determine whether the link comprises a phishing attempt. It may be determined that the link comprises a phishing attempt if there is a match. If the compared features do not match the records stored in the remote database, a multi-dimensional input vector may be built from features of the link, which input vector may then be input into a phishing probability engine. The probability that the link comprises a phishing attempt may be computed by the phishing probability engine. Thereafter, the received email may be acted upon according to the computed probability that the link comprises a phishing attempt.

Abstract: A method of determining a probability that a received email comprises a phishing attempt may comprise analyzing a link therein to determine whether the link comprises a phishing attempt. This determination may comprise comparing features of the link with records stored in a remote database to determine whether the link comprises a phishing attempt. It may be determined that the link comprises a phishing attempt if there is a match. If the compared features do not match the records stored in the remote database, a multi-dimensional input vector may be built from features of the link, which input vector may then be input into a phishing probability engine. The probability that the link comprises a phishing attempt may be computed by the phishing probability engine. Thereafter, the received email may be acted upon according to the computed probability that the link comprises a phishing attempt.