|
|
|
Phishing On The Pharm How Thieves Combine Two Techniques To Steal Your Identity
ob squinted at the email email message. His fingers were
and began to read: poised over the keyboard when he
happened to glance at the URL.
"Dear eBay User, as part of our
security measures, eBay Inc. has There was something very, very
developed a security program wrong with it.
against fraudulent attempts and
account thefts. Therefore, our "PHARMING" TO FLEECE SHEEP
system requires further account
verification..." The art of "pharming" involves
setting up an illegitimate
Security Measures. A threat to website that is identical with
suspend his account to prevent its legitimate prototype, for
"fraudulent activity". The email example the ebay page Bob was
went on to say that there were almost suckered into using, and
"procedural safeguards with redirecting traffic to it.
federal regulations to protect
the information you provide for "Pharmers" can do it in two ways:
us."
1.By altering the "Hosts" file on
Bob clicked the link and was your computer. The Hosts file
confronted with an authentic stores the IP address of websites
looking logon page, just waiting you have been accessing. By
for him to input his user name inserting a new IP address into
and password and confirm what the database field corresponding
ebay supposedly didn't know. to a website, your own computer
can be redirected to the
He almost did it. The page looked pharmer's website. Any
absolutely authentic, and he had information you give the bogus
already been "set up" by the site is immediately hijacked by
the pharmer. warning you if something has been
downloaded from a web site or
2.Hijacking the DNS (Dynamic Name through email. It should be able
Server) itself. A DNS matches the to remove it, "quarantine it", or
names of address with their IP tell you where it is so that you
addresses. If this server can be can remove it by hand.
coerced into assigning new IP
addresses to traditional names, You should also have Spyware and
all computers using the name Adware programs installed, and be
resolution provided by the DNS aware of any change in Internet
server will be redirected to the browsing patterns. If your home
hijacker's web site. page suddenly changes, or you
experience advertising pop ups
Once that happens, it's time to (which may pop up even when you
be fleeced. are not hooked up to the
Internet), you should run a
DOWN ON THE PHARM Virus, Spyware or Adware scan.
"Pharmers" hijack your "hosts" Thanks to the efficacy of these
file or DNS servers using protection programs, pharming is
Spyware, Adware, Viruses or a lot more difficult than it used
Trojans. One of the most to be. It isn't as easy to hijack
dangerous things you can do is to a computer as it once was.
run your computer without some
form of Internet Security So, the "pharmers" have teamed up
installed on it. with the "phishermen" to get you
to visit the bogus web page
Your security software should be yourself, and enter all the
continually updating its virus information they need.
definitions, and be capable of
PHISHING TO CATCH YOU ON THE
PHARM The only real protection against
the pharmers and phishermen is
As Bob discovered, the page he YOU. There are three things you
had been taken to by the bogus must consider when you read any
email message was identical to email demanding information:
the ebay logon page. Identical in
every way except for the URL. • Why do they want it? Be
extremely skeptical when they say
Out of curiosity, he checked the they have to "update their
URL for the ebay logon by records", "comply with federal
accessing ebay directly and regulations", or prevent fraud.
clicking on the logon link. The They are the ones initiating the
two URL's were nothing alike, fraud.
except the bogus one did have the
word "ebay" in it twice - just • Why can't this be done at the
enough to make it look authentic. website? Why not invite you to
access the website directly and
By combining the two techniques, provide this information? The
the phishermen/pharmers had answer is because the bonafide
avoided the high tech problems company doesn't need an update.
associated with downloading a
Virus that could get past his • What does the URL look like?
protection software. They had Is it a series of subdomains some
gone straight for the throat. of which have the name of the
bonafide company? Most likely the
Bob's throat. subdomain is set up with a free
hosting company.
YOUR ONLY REAL IDENTITY THEFT
PREVENTION AND PROTECTION • Have they provided partial
information about you as a
guarantee that the email The bottom line is: don't provide
authentically comes from the any information at the behest of
legitimate source? Be very an email, no matter how authentic
careful of this one. This it looks, or how authentic the
technique is effective for page it directs you to looks. If
"pretexting", impersonating a you must log in, do so at the
person or company, and was used parent site itself.
in the Hewlett Packard scandal to
collect information. Just because Your Identity Theft prevention
they know your first and last and protection is, in the final
name (and any other information - analysis, up to you.
known only to the legitimate
source) doesn't mean the email is Don't be the next sheep fleeced
legitimate. They probably by the pharmers who caught you
hijacked the information off the with the phisherman's hook. Being
server. dropped naked into their frying
pan is NOT a fate you want.
THE BOTTOM LINE
About the Author:
John Young is a writer with a scientific and technical background living in California. At the age of 62, he is the father of four, grandfather of 13, and lives with his wife and cat "Bear". Please check out his latest book on Identity Theft http://www.youridentitystolen.com
For some suggestions on Fire Walls, Virus, Spyware and Adware protection software visit his "California Software Shop" at http://www.pcreveal.com
Read more articles by: John Young
Article Source: www.iSnare.com
|
|
