| CPC H04L 63/1483 (2013.01) [G06V 30/18143 (2022.01); G06V 2201/09 (2022.01)] | 23 Claims |
|
1. A method for protecting a computing device, comprising:
detecting an email received by the computing device and comprising a Uniform Resource Locator (URL) for a web page in a first domain;
retrieving the web page from the first domain;
determining a plurality of words that would be visible when the web page is rendered;
selecting, from the plurality of words, a set of words to be used as keywords;
submitting, to a search engine, a query comprising the set of keywords;
receiving, from the search engine, a response to the query, the response indicating a set of second domains and respective rankings for the second domains, where the ranking for a given second domain is provided by relative position of the given second domain in the set of second domains and is indicative of a quality of the second domain in relation to the keywords; and
generating an alert for a phishing attack responsively to detecting that either the first domain does not match any of the second domains or the first domain matches a second domain that has a ranking exceeding a specified ranking threshold.
|