Phishing and Pharming: Dangerous Scams

As soon as almost all computer users already got used to -- or at least heard about -- the word "phishing", another somewhat confusing word appeared not long ago. Pharming. Does it differ from phishing -- and if yes, how?

Two Pharmings

Actually, two completely different fields use the term "pharming" now. We can say there exist two separate "pharmings".

If genetics or businessmen from pharmaceutical industry are talking about pharming (spelled like that) it might have nothing to do with computers. This word has long been familiar to genetic engineers. For them, it's a merger of "farming" and "pharmaceutical" and means the genetic engineering technique -- inserting extraneous genes into host animals or plants in order to make them produce some pharmaceutical product. Although it is a very interesting matter, this article is not about it.

As for PC users, the term "phishing" recently emerged to denote exploitation of a vulnerability in the DNS server software caused by malicious code. This code allows the cybercriminal who contaminated this PC with it to redirect traffic from one IP-address to the one he specified. In other words, a user who types in a URL goes to another web site, not the one he wanted to--and isn't supposed to notice the difference.

Usually such a website is disguised to look like a legitimate one -- of a bank or a credit card company. Sites of this kind are used solely to steal users' confidential information such as passwords, PIN numbers, SSNs and account numbers.

Dangerous Scams

A fake website that's what "traditional" phishing has in common with pharming. This scam can fool even an experienced computer user, and it makes pharming a grave threat. The danger here is that users don't click an email link to get to a counterfeit website.

Most people enter their personal information, unaware of possible fraud. Why should they suspect anything if they type the URL themselves, not following any links in a suspiciously-looking email? Unfortunately, "ordinary" phishers are also getting smarter. They eagerly learn; there is too much money involved to make criminals earnest students. At first phishing consisted only of a social engineering scam in which phishers spammed consumer e-mail accounts with letters ostensibly from banks. The more people got aware of the scam, the less spelling mistakes these messages contained, and the more fraudulent websites looked like legitimate ones.

Since about November 2004 there has been a lot of publications of a scheme which at first was seen as a new kind of phishing. This technique includes contaminating a PC with a Trojan horse program. The problem is that this Trojan contains a keylogger which lurks at the background until the user of the infected PC visits one of the specified websites. Then the keylogger comes to life to do what it was created for -- to steal information.

It seems that this technique is actually a separate scam aimed at stealing personal information and such attacks are on the rise. Security vendor Symantec warns about commercialisation of malware -- cybercriminals prefer cash to fun, so various kinds of information-stealing software are used more actively.

Spy Audit survey made by ISP Earthlink and Webroot Software also shows disturbing figures - 33.17% PCs contaminated with some program with information stealing capability.

However, more sophisticated identity theft attempts coexist with "old-fashioned" phishing scams. That is why users should not forget the advice which they all are likely to have learned by heart:

  • Never follow a link in an email, if it claims to be from a financial institution
  • Never open an attachment if the email is from somebody you don't know
  • Protect your PC from malware
  • Stay on the alert

Alexandra Gamanenko currently works at Raytown Corporation, LLC -- an independent software developing company that provides various solutions for information security.

The company's R&D department created an innovative technology, which disables information-stealing programs. Learn more -- visit the company's website http://www.anti-keyloggers.com

In The News:

A game changer in IT security  MIT Technology Review

Avoiding Scams: If It Sounds Too Good to Be True, It Probably Is

A week or so ago, I received an inquiry from... Read More

Web and Computer Security

Well, if that would have been said to me by... Read More

Temporary Internet Files - the Good, the Bad, and the Ugly

A little bit of time invested into learning about internet... Read More

Online Shoppers, Beware of a New Scam

Beware of a New Scam Aimed at Bargain-HuntersTrying to buy... Read More

Computer Viruses and Other Nasties: How to Protect Your Computer from These Invaders

Can you protect your computer from all possible viruses and... Read More

Internet Shopping - How Safe Is It?

Millions of people make purchases online, but many people are... Read More

Backup and Save your business!

There you are busily typing away on your PC or... Read More

Why you Must Secure your Digital Product and Thank You Web Page

A couple of years back, I paid my dues the... Read More

How To Clean the Spies In Your Computer?

Manual Spy Bot Removal > BookedSpaceBookedSpace is an Internet Explorer... Read More

Top Spyware Removers Considerations

Only the top spyware removers are successful at detecting and... Read More

Remove Rogue Desktop Icons Created By Spyware

If you have used a Windows machine for a while,... Read More

Computer Viruses, Worms, and Hoaxes

In recent days, I was one of the unfortunate persons... Read More

Is Your Email Private? Part 1 of 3

In a word, no - an email message has always... Read More

Dialing Up a Scam: Avoiding the Auto-Dialer Virus

For many, the daily walk to the mailbox evokes mixed... Read More

Dont Miss Information Because of Misinformation

It has been said that with the wealth of information,... Read More

How Can Someone Get Private Information From My Computer?

From the "Ask Booster" column in the June 17, 2005... Read More

Spyware Symptoms

Spyware symptoms happen when your computer gets bogged down with... Read More

Steganography ? The Art Of Deception & Concealment

The Message Must Get Through ----------------------------- The year is 300A.D.,... Read More

Protection for Your PC - Painless and Free!

Viruses, Bugs, Worms, Dataminers, Spybots, and Trojan horses. The Internet... Read More

Do You Know What your Kids Are Doing Online?

It's a sad statistic, but hundreds of unsuspecting kids are... Read More

HackAttack

P C. owners are constantly at risk from attacks by... Read More

Spyware Removal

Spyware SolutionProbably Today's Biggest Computer Problem. You Suffer Without Knowing... Read More

Computer Viruses - How to Remove a Computer Virus from Your Computer

Computer viruses infect millions of computers every day. Viruses can... Read More

8 Surefire Ways to Spot an EBAY Scam E-Mail and Protect Yourself from Identity Theft

Ebay is a great site and is used by many... Read More

I Spy...Something Terribly Wrong (In Your Computer)

This really chapped my lips...I recently bought a new computer.... Read More