Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

Method of URL Address Verification

IP.com Disclosure Number: IPCOM000130016D
Original Publication Date: 2005-Oct-11
Included in the Prior Art Database: 2005-Oct-11
Document File: 2 page(s) / 60K

Publishing Venue

IBM

Abstract

Phishing is a growing threat to businesses and to private email users. How can an email or hyperlink be validated or invalidated that they are phishing "lures" or authentic? This article describes a solution that is quick and nimble and notifies the user if phishing is occurring.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 53% of the total text.

Page 1 of 2

Method of URL Address Verification

Main Idea

Phishing is a growing problem on the Internet, and especially in email. Below is an example of phishing, that I received. Phishing usually entails an email sent to a user that requests the user to then go to a "known" or "trusted" website and give sensitive data to a website form. The problem is how do recipients distinguish between phishing and legitimate and authentic business emails or websites. The solutions to this problem are to ignore all email, block email, verify by telephone every email, and to utilize public\private, shared key schemes. The drawbacks are that real email will be lost in the process, or the verification process is too slow, and the shared key scheme requires that every sender and receiver of email exchange must have a pre-set agreement with the user. This solution simplifies and quickens the email validity verification of links process.

"US

Bank" <anti-fr aud@u sbank.c om>

06/30/2 004 07:52
PM

To Steven Cook

cc

Subject U.S. Bank info![Thu, 1 Jul 2004 03:52:51 +0100]

44

This solution is a method of URL (Universal Resource Locator) Address verification. In the phishing example email above the URL text says "www.usbank.com", a known and trusted URL, but the link behind the text points to http:\\210.96.154.117:4903/cfm/index.htm. How does this invention verify the URL? By pinging or performing an NSLookup on the text address and comparing it to the IP Address of the URL link behind the text. In this example, the result of pinging www.usbank.com results in the following:

1

[This page contains 1 picture or other non-text object]

Page 2 of 2

[Ping Example]

C:\>ping www.usbank.com Pinging www.usbank.com [170.135.242.118] with 32 bytes of data: Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for 170.135.242.118: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Approximate round trip times in milliseconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms

[NSLOOKUP Example]

C:\logs\Run13\Minutemaid>nslookup www.usbank.com Server: blddns01.srv.ibm.com
Address: 9.0.8....