WalkMe has filed a patent for a method and system to detect phishing attacks. The invention involves obtaining representations of page elements from a source page, using them to acquire the same elements in different pages, and determining visual similarity between the source and target pages to classify the target page as a phishing attack. A responsive action is then performed to counter the attack.
According to GlobalData’s company profile on WalkMe, voice commerce was a key innovation area identified from patents. WalkMe's grant share as of September 2023 was 44%. Grant share is based on the ratio of number of grants to total number of patents.
The patent is filed for a method to detect phishing attacks
A recently filed patent (Publication Number: US20230231878A1) describes a method for detecting and responding to phishing attacks. The method involves obtaining a selection of page elements from a source page, generating representations of these elements, and then obtaining a target page where a user can interact. A visual similarity measurement is determined between the source and target pages based on the successful acquisition of the page elements using the representations. If the visual similarity measurement indicates a phishing attack, a responsive action is performed.
The patent also mentions that the method can handle different languages used in the source and target pages. Even if the languages are different, the visual similarity measurement can still be above a threshold, leading to the classification of the target page as a phishing attack.
The method is particularly useful when the source page is part of a sequence of pages where a user is required to provide information. In such cases, if the similarity measurement is below a threshold for each individual target page, the combination of the target page and the subsequent target page can still be classified as a phishing attack.
The selection of page elements can be obtained from a human operator using an operator device. Multiple selections by different operators can be used to automatically determine the page elements.
The representations of the page elements can include multiple alternative representations, each indicating a different attribute of the element. This provides a robust acquisition method that does not rely on a single representation.
The visual similarity measurement is determined based on the successful acquisition of some elements and the failure to acquire others. This partial matching of elements between the source and target pages helps in detecting phishing attacks.
The classification of the target page as a phishing attack can also be based on the similarity measurement of the domain name of the target page to the domain name of the source page. The analysis of the certificate of the target page's domain name can further aid in the classification.
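An added example, not taken from the patent or from WalkMe: a minimal Python sketch of the matching described above, covering alternative representations, partial acquisition, a target page in a different language, and a two-page sequence. The element dictionaries (standing in for a rendered page), the fraction-of-elements score, the 0.7 threshold and the same-domain exemption are all assumptions made for illustration.

```python
# Added illustration. Pages are constructed lists of element-attribute dicts
# standing in for a rendered DOM; scoring rule and threshold are assumptions.
THRESHOLD = 0.7  # assumed cut-off; the article gives no value

def representations(element):
    """One alternative representation per attribute: (tag, attribute, value)."""
    return [(element["tag"], k, v) for k, v in element.items() if k != "tag"]

def acquire(element, page):
    """Acquisition succeeds if any single alternative matches a target element."""
    return any(el.get("tag") == tag and el.get(attr) == val
               for tag, attr, val in representations(element) for el in page)

def similarity(selected, *pages):
    """Fraction of selected source elements acquired across the given page(s)."""
    merged = [el for page in pages for el in page]
    return sum(acquire(e, merged) for e in selected) / len(selected)

def is_phishing(selected, source_domain, target_domain, *pages):
    """Flag a different-domain target whose similarity reaches the threshold."""
    if target_domain == source_domain:
        return False
    return similarity(selected, *pages) >= THRESHOLD

# Constructed sample data: operator-selected elements of a source login page.
SOURCE_DOMAIN = "login.example.com"
SELECTED = [
    {"tag": "img", "alt": "Example Bank logo", "class": "brand-logo"},
    {"tag": "input", "type": "email", "name": "username"},
    {"tag": "input", "type": "password", "name": "password"},
    {"tag": "button", "text": "Sign in", "class": "btn-primary"},
]
# Constructed clone in another language: text differs, other attributes match.
CLONE_ES = [
    {"tag": "img", "alt": "Logotipo", "class": "brand-logo"},
    {"tag": "input", "type": "email", "name": "usuario"},
    {"tag": "input", "type": "password", "name": "clave"},
    {"tag": "button", "text": "Iniciar sesión", "class": "btn-primary"},
]
# Constructed clone split over two consecutive pages.
STEP_1 = [CLONE_ES[0], CLONE_ES[1], {"tag": "button", "text": "Next", "class": "btn-next"}]
STEP_2 = [CLONE_ES[2], CLONE_ES[3]]

if __name__ == "__main__":
    target = "login.example.net"  # constructed look-alike domain
    print(similarity(SELECTED, CLONE_ES), is_phishing(SELECTED, SOURCE_DOMAIN, target, CLONE_ES))
    print(similarity(SELECTED, STEP_1), similarity(SELECTED, STEP_2))
    print(is_phishing(SELECTED, SOURCE_DOMAIN, target, STEP_1, STEP_2))
```

Each split page scores below the threshold on its own, while the two pages scored together reach it, which is the sequence case the summary describes.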
The responsive action performed upon detecting a phishing attack can include displaying a warning to the user, blocking the user from using the target page, preventing interaction with input fields, redirecting the user, or issuing an alert to the user's organization.
Overall, this patent presents a method for effectively detecting and responding to phishing attacks by analyzing the visual similarity between source and target pages and taking appropriate actions based on the classification of the target page.