US Patent 8245304 Autonomous system-based phishing and pharming detection

Methods for detecting an attempt to perpetrate fraud on a user utilizing a client-supplied link and a client-supplied IP address from a user computer. The method ascertains a first autonomous system number (“first AS number”) from the client-supplied IP address and a second autonomous system number (“second AS number”) from the client-supplied link. If the first AS number and the second AS number are not AS group peers, a pharming attempt is detected. Alternatively or additionally, the method includes analyzing a content of a webpage that is accessed using the client-supplied IP address to ascertain an identity of an apparent owner of the webpage and ascertaining a third autonomous system number (“third AS number”) from the identity of the apparent owner of the webpage. If the first AS number and the third AS number are not AS group peers, a phishing attempt is detected.