This disclosure describes techniques to warn users when a password for a particular online domain is being submitted by a user device to a domain different than the one for which it was originally registered. The warning alerts the user of possible phishing attacks. Cryptographic hashes of user passwords along with corresponding domains are stored. When a user attempts to send data to a website, e.g., via form submission, hashes of the data are calculated and compared with the stored hashes of password. In the case of a match, a warning is presented to the user. The techniques can be implemented as a feature of a web browser, a browser plugin, as standalone software, as part of an operating system, etc.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Anders, Pedro Gonnet, "Hash comparisons to provide warnings of phishing attacks", Technical Disclosure Commons, (October 06, 2017)