	US 12,341,813 B2
	Information security system and method for phishing website identification based on image hashing
Peter George Kurrasch, Palatine, IL (US); and Martin Andrew Sutton, Broughton (GB)
Assigned to Bank of America Corporation, Charlotte, NC (US)
Filed by Bank of America Corporation, Charlotte, NC (US)
Filed on Nov. 7, 2023, as Appl. No. 18/503,771.
Application 18/503,771 is a continuation of application No. 17/389,897, filed on Jul. 30, 2021, granted, now 11,882,152.
Prior Publication US 2024/0073246 A1, Feb. 29, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01)

CPC H04L 63/1483 (2013.01) [H04L 63/1416 (2013.01); H04L 63/145 (2013.01); H04L 63/20 (2013.01)]

18 Claims

1. A system for detecting phishing websites, comprising:

a processor configured to:

access a first website comprising a first plurality of images, wherein the first website is associated with phishing;

extract the first plurality of images from the first website;

for at least a first image from the first plurality of images, determine a first hash value for the first image, wherein the first hash value comprises a first serial number uniquely identifying the first image;

determine a first overall hash value for the first website, wherein:

determining the first overall hash value comprises hashing the first hash value; and

the first overall hash value represents a first signature associated with the first website;

access a second website comprising a second plurality of images;

extract the second plurality of images from the second website;

for at least a second image from the second plurality of images, determine a second hash value for the second image, wherein the second hash value comprises a second serial number uniquely identifying the second image;

determine a second overall hash value for the second website, wherein:

determining the second overall hash value comprises hashing the second hash value; and

the second overall hash value represents a second signature associated with the second website;

compare the second overall hash value with the first overall hash value;

determine whether the second overall hash value corresponds to the first overall hash value;

in response to determining that the second overall hash value corresponds to the first overall hash value, determine that the second website is associated with the first website; and

in response to determining that the second website is associated with the first website, send an alert message to a computing device from which the second website is accessed, wherein the alert message indicates that the second website is associated with phishing; and

a memory, operably coupled with the processor, and operable to store the first plurality of images and the second plurality of images.