
"Phishing" On The "Pharm": How Thieves Combine Two Techniques To Steal Your Identity
Author: John Young
Bob squinted at the email and began to read: "Dear eBay User, as part of our security measures, eBay Inc. has developed a security program against fraudulent attempts and account thefts. Therefore, our system requires further account verification ..."

Security Measures. A threat to suspend his account to prevent "fraudulent activity". The email went on to say that there were "procedural safeguards with federal regulations to protect the information you provide for us."
Bob clicked the link and was confronted with an authentic-looking logon page, just waiting for him to input his user name and password and confirm what eBay supposedly didn't know.

He almost did it. The page looked absolutely authentic, and he had already been "set up" by the email message. His fingers were poised over the keyboard when he happened to glance at the URL.

There was something very, very wrong with it.
"PHARMING" TO FLEECE SHEEP
The art of "pharming" involves setting up an illegitimate website that is identical to its legitimate prototype, for example the eBay page Bob was almost suckered into using, and redirecting traffic to it.
"Pharmers" can do it in two ways:

1. By altering the "Hosts" file on your computer. The Hosts file stores the IP addresses of websites you have been accessing. By inserting a new IP address into the entry corresponding to a website, your own computer can be redirected to the pharmer's website. Any information you give the bogus site is immediately hijacked by the pharmer.

2. By hijacking the DNS (Dynamic Name Server) itself. A DNS server matches domain names with their IP addresses. If this server can be coerced into assigning new IP addresses to familiar names, all computers using the name resolution provided by that DNS server will be redirected to the hijacker's web site.

Once that happens, it's time to be fleeced.
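The hosts-file redirection described in point 1 is something you can check for yourself. The Python script below is an added example and is not part of this article: it reads hosts-file text (the format is the same on Windows, macOS and Linux) and reports any line that maps a watched domain to an address other than loopback or the all-zeros blocking address. The watch list, the sample file contents and the address 203.0.113.45 are constructed for the example.

```python
"""Audit hosts-file text for entries that override well-known domains.

Added example, not code from the article. The watch list and the sample
file contents below are constructed; point the script at your real hosts
file (/etc/hosts, or C:\\Windows\\System32\\drivers\\etc\\hosts on Windows)
to audit it.
"""
import ipaddress

# Constructed watch list: names a user would never expect to see pinned in hosts.
WATCHED_DOMAINS = {"ebay.com", "www.ebay.com", "signin.ebay.com"}

# Constructed sample hosts file: two normal loopback lines, one pharming-style override.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# added by an unknown program
203.0.113.45    www.ebay.com signin.ebay.com
"""


def parse_hosts(text):
    """Yield (ip_address, [hostnames]) for each mapping line of a hosts file."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                              # malformed: address with no names
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                              # first field is not an address
        yield ip, [name.lower() for name in parts[1:]]


def find_overrides(text, watched=WATCHED_DOMAINS):
    """Return [(hostname, ip_string)] for watched names pinned to a real address.

    Loopback (127.0.0.1, ::1) and unspecified (0.0.0.0, ::) targets are skipped:
    the first is the normal localhost mapping, the second is how ad blockers
    sink a name, and neither sends traffic to a third party.
    """
    hits = []
    for ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        for name in names:
            if name in watched:
                hits.append((name, str(ip)))
    return hits


if __name__ == "__main__":
    for name, ip in find_overrides(SAMPLE_HOSTS):
        print(f"WARNING: {name} is pinned to {ip} in the hosts file")
```

Any hit means name resolution for that site never reaches DNS at all, which is exactly the condition the article describes; a clean audit does not rule out the DNS-server variant in point 2, which this offline check cannot see.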
DOWN ON THE PHARM
"Pharmers" hijack your "hosts" file or DNS servers using Spyware, Adware, Viruses or Trojans. One of the most dangerous things you can do is to run your computer without some form of Internet Security installed on it.

Your security software should be continually updating its virus definitions, and be capable of warning you if something has been downloaded from a web site or through email. It should be able to remove it, "quarantine it", or tell you where it is so that you can remove it by hand.
You should also have anti-Spyware and anti-Adware programs installed, and be aware of any change in Internet browsing patterns. If your home page suddenly changes, or you experience advertising pop-ups (which may pop up even when you are not hooked up to the Internet), you should run a Virus, Spyware or Adware scan.

Thanks to the efficacy of these protection programs, pharming is a lot more difficult than it used to be. It isn't as easy to hijack a computer as it once was.

So, the "pharmers" have teamed up with the "phishermen" to get you to visit the bogus web page yourself, and enter all the information they need.
PHISHING TO CATCH YOU ON THE PHARM
As Bob discovered, the page he had been taken to by the bogus email message was identical to the eBay logon page. Identical in every way except for the URL.

Out of curiosity, he checked the URL for the eBay logon by accessing eBay directly and clicking on the logon link. The two URLs were nothing alike, except the bogus one did have the word "ebay" in it twice, just enough to make it look authentic.

By combining the two techniques, the phishermen/pharmers had avoided the high-tech problems associated with downloading a Virus that could get past his protection software.
YOUR ONLY REAL IDENTITY THEFT PREVENTION AND PROTECTION
The only real protection against the pharmers and phishermen is YOU. There are three things you must consider when you read any email demanding information:
Why do they want it? Be extremely skeptical when they say they have to "update their records", "comply with federal regulations", or prevent fraud. They are the ones initiating the fraud.

Why can't this be done at the website? Why not invite you to access the website directly and provide this information? The answer is because the bona fide company doesn't need an update.

What does the URL look like? Is it a series of subdomains, some of which have the name of the bona fide company? Most likely the subdomain is set up with a free hosting company.

Have they provided partial information about you as a guarantee that the email authentically comes from the legitimate source? Be very careful of this one. This technique is effective for "pretexting", impersonating a person or company, and was used in the Hewlett-Packard scandal to collect information. Just because they know your first and last name (and any other information known only to the legitimate source) doesn't mean the email is legitimate. They probably hijacked the information off the server.
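The question "what does the URL look like?" can be turned into a mechanical check. The Python example below is added here and is not from the article: it splits the hostname, approximates the registered domain as its last two labels, and warns when a brand name appears only in the subdomains, in the path, or inside a lookalike domain, the pattern Bob spotted. The brand table, the sample URLs and the two-label approximation are assumptions made for the example (a production tool would consult the Public Suffix List instead).

```python
"""Inspect a URL the way the article suggests: is the brand name in the
registered domain, or only in subdomains and the path?

Added example, not code from the article. KNOWN_BRANDS, the sample URLs and
the two-label approximation of the registrable domain are assumptions.
"""
from urllib.parse import urlsplit

# Constructed: brand keyword -> the registrable domain that brand really logs you in on.
KNOWN_BRANDS = {"ebay": "ebay.com"}


def is_ipv4_literal(host):
    """True for hosts written as four numeric labels, e.g. 203.0.113.45."""
    labels = host.split(".")
    return len(labels) == 4 and all(label.isdigit() for label in labels)


def registrable_domain(host):
    """Approximate the registrable domain as the last two labels.

    Assumption: no multi-label public suffix (such as co.uk) is involved.
    """
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def inspect_url(url, brands=KNOWN_BRANDS):
    """Return a list of warnings for url; an empty list means no red flag was found."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host:
        return ["no hostname in URL"]
    warnings = []
    if is_ipv4_literal(host):
        warnings.append("host is a raw IP address rather than a company domain")
        reg = host                                   # no domain structure to analyse
    else:
        reg = registrable_domain(host)
    # everything left of the registrable domain is subdomain territory
    subdomains = host[: -len(reg)].rstrip(".") if host.endswith(reg) and host != reg else ""
    for brand, legit in brands.items():
        if reg == legit:
            continue                                 # brand sits in its own registered domain
        places = []
        if brand in subdomains:
            places.append("subdomains")
        if brand in parts.path.lower():
            places.append("path")
        if brand in reg:
            places.append("lookalike domain")
        if places:
            warnings.append(f"'{brand}' appears in {' and '.join(places)} "
                            f"but the site you would log in to is {reg}")
    if parts.scheme != "https":
        warnings.append("page is not served over https")
    return warnings


if __name__ == "__main__":
    # Constructed sample URLs: a genuine eBay sign-in host and a pharming-style lookalike.
    for sample in ("https://signin.ebay.com/",
                   "http://ebay.com.account-verify.example/ebay/login"):
        print(sample, "->", inspect_url(sample) or ["looks consistent"])
```

The decisive field is the registered domain, the last two labels here; anything to its left is chosen freely by whoever rents that domain, which is why "ebay" appearing twice in a hostname proves nothing.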
THE BOTTOM LINE
The bottom line is: don't provide any information at the behest of an email, no matter how authentic it looks, or how authentic the page it directs you to looks. If you must log in, do so at the parent site itself.

Your Identity Theft prevention and protection is, in the final analysis, up to you.

Don't be the next sheep fleeced by the pharmers who caught you with the phisherman's hook. Being dropped naked into their frying pan is NOT a fate you want.