US 12,206,705 B2
Phishing protection methods and systems
Dmitry Kagan, Kfar-Saba (IL); and Evgeni Geht, Rehovot (IL)
Assigned to COFENSE CYBERFISH LTD., Beer-Sheva (IL)
Appl. No. 17/297,327
Filed by Cyberfish LTD., Beer-Sheva (IL)
PCT Filed Nov. 26, 2019, PCT No. PCT/IL2019/051288
§ 371(c)(1), (2) Date May 26, 2021,
PCT Pub. No. WO2020/110109, PCT Pub. Date Jun. 4, 2020.
Claims priority of provisional application 62/771,275, filed on Nov. 26, 2018.
Prior Publication US 2022/0030029 A1, Jan. 27, 2022
Int. Cl. H04L 9/40 (2022.01); G06N 3/08 (2023.01)
CPC H04L 63/1483 (2013.01) [G06N 3/08 (2013.01)] 30 Claims
OG exemplary drawing
 
30. A non-transitory computer-readable storage medium including instructions that when executed on a processor perform a method for detecting phishing attacks, the method comprising:
acquiring a set of legitimate web content from multiple webpages hosted at a plurality of legitimate top-level domains (TLDs);
generating, using an HTML5-compatible background browser, a set of legitimate browser images from the set of legitimate web content, wherein the legitimate browser images are bit-map images stored in memory without displaying content on an interactive display;
determining, using a neural network, a set of legitimate visual characteristics from the set of legitimate browser images;
accessing a hyperlink embedded within an email message in a user's email inbox;
generating, using the HTML5-compatible background browser, a background browser image from unauthenticated web content associated with the hyperlink;
identifying, using the neural network, a statistical similarity between visual characteristics of the background browser image and the set of legitimate visual characteristics;
determining that a domain of the unauthenticated web content does not match any of the plurality of legitimate TLDs associated with the statistically similar legitimate visual characteristics; and
responsively recording that the unauthenticated web content is illegitimate.