H04L63/1483

Risk assessment using social networking data

Tools, strategies, and techniques are provided for evaluating the identities of different entities to protect individual consumers, business enterprises, and other organizations from identity theft and fraud. Risks associated with various entities can be analyzed and assessed based on analysis of social network data, professional network data, or other networking connections, among other data sources. In various embodiments, the risk assessment may include calculating an authenticity score based on the collected network data.

Online advertisement fraud detection

A fraud monitor in a managed network is provided. The fraud monitor uses the network's instrumentation data, configuration data, and account information to detect fraudulent activities in the network, such as fraudulent advertisements or other types of fraudulent data traffic, including fraudulent responses (e.g., fraudulent clicks) to advertisements. The fraud monitor receives configuration data and identification data for physical resources of the network. The fraud monitor receives instrumentation data of packet traffic in the network. The fraud monitor receives account information for users of the network. The fraud monitor analyzes the instrumentation data to detect a violation of a fraud detection policy that prevents malicious or fraudulent online advertisement activity based on the configuration data, identification data, or account information.

Method and apparatus for defending against network attack
11570212 · 2023-01-31

This application discloses a method and an apparatus for defending against a network attack, to resolve the problem that network defense costs are relatively high. The method includes: a network security device receives a first packet sent by an external device, and matches the destination IP address of the first packet against configuration information of a fake network. If the IP address of a node in the configuration information of the fake network has the same subnet prefix as the destination IP address, the network security device processes the first packet based on a fake network policy; if no IP address of a node in the configuration information of the fake network has the same subnet prefix as the destination IP address, the network security device processes the first packet based on a firewall policy.

Communications methods and apparatus for dynamic detection and/or mitigation of threats and/or anomalies

The present invention relates to methods and apparatus for dynamically detecting and/or mitigating threats in communications systems. Exemplary methods and apparatus of the present invention allow for a combination of automated and operator controlled responses to threats. While an operator is provided an opportunity to provide input on how to respond to a threat, after one or more threats of a given type are identified, the system will automatically take corrective action without waiting for operator input and/or in the absence of operator input following notification of a threat.

Detection of phishing attacks using similarity analysis
11570211 · 2023-01-31

A computerized system and method to detect phishing cyber-attacks is described. The approach entails analyzing one or more displayable images of a webpage referenced by a URL to ascertain whether the one or more displayable images, and thus the webpage and potentially an email including the URL, are part of a phishing cyber-attack.

Coalition network identification using iterative process

One or more computing devices, systems, and/or methods are provided. Event information associated with a plurality of events may be identified. The plurality of events may be associated with first entities corresponding to a first entity type and second entities associated with a second entity type. A first network profile associated with the first entities and the second entities may be generated based upon the event information. An iterative process may be performed to identify a coalition network associated with fraudulent activity. The iterative process may include analyzing the first network profile to identify a first set of entities, of the first entities, that are related to an entity of the second entities, and/or analyzing the first network profile to identify a second set of entities, of the second entities, that are related to the first set of entities. Multiple iterations may be performed to identify the coalition network.

Modifying application function based on login attempt confidence score
11714886 · 2023-08-01

Account permissions and data accessibility can be modified based on level of confidence for a login attempt to the account. User activity observations corresponding to one or more login attempts to access a user account can be stored. A confidence score associated with a successful login attempt of the user account can be determined. The confidence score is based on the user activity observations. A level of access to an application with functions and data for the user account can be determined. The level of access is based on the confidence score. The level of access is associated with the functions and the data that are executable and accessible subsequent to the successful login attempt.

Discovering contextualized placeholder variables in template code

Disclosed herein are computer-implemented method, system, and computer-program product (computer-readable storage medium) embodiments for discovering contextualized placeholder variables in template code. Some embodiments include invoking a render call to a template engine to render an input template and then receiving a message identifying a placeholder variable within the input template in response to invoking the render call. These embodiments may further include generating multiple rendered templates by rendering the input template based at least in part on a unique value and a modified unique value for the placeholder variable. Further still, these embodiments may also include storing the placeholder variable in a security vulnerability data structure in response to detecting a change in context associated with the placeholder variable between the multiple rendered templates.

IPv6 extension header for stateless handling of fragments in IPv6

A network device may receive, from a first network, a network packet of a first network packet type that encapsulates a fragment of a second network packet of a second network packet type, where the network packet includes an extension header that indicates a source port and a destination port for the second network packet. The network device may perform an anti-spoof check on the fragment of the second network packet based at least in part on at least one of: the source port or the destination port for the second network packet that is indicated by the extension header. The network device may, based on the fragment passing the anti-spoof check, forward the fragment of the second network packet to a second network.

Phishing Mitigation Service
20230021885 · 2023-01-26

There is disclosed a method of providing passive phishing remediation for an enterprise, including: displaying, to a user of a mobile device, an email; receiving from the user a one-click request to perform additional analysis of the email; providing the email to a phishing mitigation service; assigning the email a reputation score; generating a human-readable reputation display for the email, wherein the human-readable reputation display includes at least three grades comprising safe, unknown or unreliable, and unsafe or malicious; and providing the human-readable reputation display as a push notification to the mobile device.