ALERTS

Pharming & Phishing

Pharming

Pharming is when criminal hackers redirect Internet traffic from one website to a different, identical-looking site in order to trick you into entering your user name and password into the database on their fake site.  Banking or similar financial sites are often the target of these attacks, in which criminals try to acquire your bank account, steal your identity, or commit other kinds of fraud in your name.

Fend off Phishing

“We suspect an unauthorized transaction on your account.  To ensure that your account is not compromised, please click the link below and confirm your identity.”

“During our regular verification of accounts, we couldn’t verify your information.  Please click here to update and verify your information.”

Have you received e-mail with a similar message?  It’s a scam called “phishing” – and it involves internet fraudsters who send spam or pop-up messages to lure personal information (credit card numbers, bank account information, social insurance numbers, passwords, or other sensitive information) from unsuspecting victims.

In computing, phishing (also known as carding and spoofing) is a form of social engineering, characterized by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an e-mail or an instant message.  The term phishing arises from the use of increasingly sophisticated lures to “fish” for users’ financial information and passwords.

FAQs:

How can a pharming attacker redirect my Web browser to another site?
Using a process called “DNS poisoning”, in which attackers access the giant databases that internet providers use to route Web traffic, they can make modifications on the spot so that you are diverted to the criminal site before you actually access the site you intended. 

Some companies claim that their firewall software also works against pharming.  Is this true?
Some Web privacy providers believe that customers who route all their internet activity through their own secure servers will be protected against pharming attacks.  The nature of pharming seems to suggest otherwise, but regardless of a company’s claims, it’s always a good idea to research security products carefully by reading product reviews from reputable sources before investing in and relying on any software solutions.

Can’t I tell that a Website is false simply by moving the pointer over the links to see if the code goes to an apparently random number off the site?
Not necessarily.  The false Web sites used in pharming scams usually “spoof” their links so that they look exactly like the ones you expect to see, even in the code that appears when you mouse over them.  Also, Websites may change the code in their own links from time to time for various internal reasons, such as when they upgrade their software, server platform, and customer traffic analysis methods.

Why is pharming spelled with a “ph” instead of an “f”?
It’s part of an underground slang system that began with “phone phreaking” – using electronics to hack into telephones and get free calls. 

Here are some ways to avoid being Pharmed or Phished:

Pharming

Because pharming is the more insidious of the two, it is almost impossible to tell if you are on a bogus Website, but there are ways.  Keep in mind these two really good ways to let you know if you are on a pharming site:

  1. As you enter a secure Web page that is asking for you to go ahead and input your passwords, credit card numbers, etc., the http: will change to https:. 
  2. When you are on a secure Web page preparing to input passwords, credit card numbers, etc., there will be a yellow lock at the bottom of your computer screen in the toolbar.  If you place the mouse on it for a few seconds, or click on it, it will show that it is 128 Bit encrypted, which is the standard of Web security. 

Phishing

If you are ever faced with answering a pop-up or an e-mail that asks for personal or financial information, do not reply and don’t click on the link in the message, either. Legitimate companies do not ask for this information via e-mail or pop-ups.  If you are concerned about your account, contact the organization mentioned in the e-mail using a telephone number you know to be genuine, or open a new internet browser session and type in the company’s correct Web address yourself.  In any case, do not cut and paste the link from the message into your Internet browser – phishers can make links look like they go to one place, but actually send you to a different site.

Use anti-virus software and a firewall, and keep them up to date.  Some phishing e-mails contain software that can harm your computer or track your activities on the internet without your knowledge.  Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files.  Anti-virus software scans incoming communications for troublesome files.  Look for anti-virus software that recognizes current viruses as well as older ones, that can effectively reverse the damage, and that updates automatically.  A firewall helps make you invisible on the internet and blocks all communications from unauthorized sources.  It’s especially important to run a firewall if you have a broadband connection.  Operating systems (like Windows or Linux) or browsers (like Internet Explorer or Netscape) also may offer free software “patches” to close holes in the system that hackers or phishers could exploit.

Don’t e-mail personal or financial information.  E-mail is not a secure method of transmitting personal information.  If you initiate a transaction and want to provide your personal or financial information through an organization’s Website, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a Website that begins “https:” (the “s” stands for “secure”).  Unfortunately, no indicator is foolproof – some phishers have forged security icons.

Review credit card and bank account statements as soon as you receive them to check for unauthorized charges.  If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and balances.

Be cautious about opening any attachment or downloading any files from e-mails you receive, regardless of who sent them.  These files can contain viruses or other software that can weaken your computer’s security.

 Don’t forget about telemarketing scams, mail scams, and lottery scams!

  1. It sounds too good to be true
    You've won a big prize in a contest that you don't recall entering. You're offered a once-in-a-lifetime investment that offers a huge return. You're told that you can buy into a lottery ticket pool that cannot lose.
  2. You must pay or you can't play
    “You’re a winner!” but you must agree to send money to the caller in order to pay for delivery, processing, taxes, duties or some other fee in order to receive your prize. Sometimes the caller will even send a courier to pick up your money.
  3. You must give them your private financial information
    The caller asks for all your confidential banking and/or credit card information. Honest businesses do not require these details unless you are using that specific method of payment.
  4. Will that be cash …  or cash?
    Often criminal telemarketers ask you to send cash or a money order, rather than a cheque or credit card. Cash is untraceable and cannot be cancelled. And, crooks also have difficulty in establishing themselves as merchants with legitimate credit card companies.
  5. The caller is more excited than you are
    The crooks want to get you excited about this “opportunity” so that you won't be able to think clearly.


© Copyright 2008 - Spiritwood Credit Union Ltd. All rights reserved.