Phishing and Pharming: Dangerous Scams

As soon as almost all computer users already got used to -- or at least heard about -- the word "phishing", another somewhat confusing word appeared not long ago. Pharming. Does it differ from phishing -- and if yes, how?

Two Pharmings

Actually, two completely different fields use the term "pharming" now. We can say there exist two separate "pharmings".

If genetics or businessmen from pharmaceutical industry are talking about pharming (spelled like that) it might have nothing to do with computers. This word has long been familiar to genetic engineers. For them, it's a merger of "farming" and "pharmaceutical" and means the genetic engineering technique -- inserting extraneous genes into host animals or plants in order to make them produce some pharmaceutical product. Although it is a very interesting matter, this article is not about it.

As for PC users, the term "phishing" recently emerged to denote exploitation of a vulnerability in the DNS server software caused by malicious code. This code allows the cybercriminal who contaminated this PC with it to redirect traffic from one IP-address to the one he specified. In other words, a user who types in a URL goes to another web site, not the one he wanted to--and isn't supposed to notice the difference.

Usually such a website is disguised to look like a legitimate one -- of a bank or a credit card company. Sites of this kind are used solely to steal users' confidential information such as passwords, PIN numbers, SSNs and account numbers.

Dangerous Scams

A fake website that's what "traditional" phishing has in common with pharming. This scam can fool even an experienced computer user, and it makes pharming a grave threat. The danger here is that users don't click an email link to get to a counterfeit website.

Most people enter their personal information, unaware of possible fraud. Why should they suspect anything if they type the URL themselves, not following any links in a suspiciously-looking email? Unfortunately, "ordinary" phishers are also getting smarter. They eagerly learn; there is too much money involved to make criminals earnest students. At first phishing consisted only of a social engineering scam in which phishers spammed consumer e-mail accounts with letters ostensibly from banks. The more people got aware of the scam, the less spelling mistakes these messages contained, and the more fraudulent websites looked like legitimate ones.

Since about November 2004 there has been a lot of publications of a scheme which at first was seen as a new kind of phishing. This technique includes contaminating a PC with a Trojan horse program. The problem is that this Trojan contains a keylogger which lurks at the background until the user of the infected PC visits one of the specified websites. Then the keylogger comes to life to do what it was created for -- to steal information.

It seems that this technique is actually a separate scam aimed at stealing personal information and such attacks are on the rise. Security vendor Symantec warns about commercialisation of malware -- cybercriminals prefer cash to fun, so various kinds of information-stealing software are used more actively.

Spy Audit survey made by ISP Earthlink and Webroot Software also shows disturbing figures - 33.17% PCs contaminated with some program with information stealing capability.

However, more sophisticated identity theft attempts coexist with "old-fashioned" phishing scams. That is why users should not forget the advice which they all are likely to have learned by heart:

  • Never follow a link in an email, if it claims to be from a financial institution
  • Never open an attachment if the email is from somebody you don't know
  • Protect your PC from malware
  • Stay on the alert

Alexandra Gamanenko currently works at Raytown Corporation, LLC -- an independent software developing company that provides various solutions for information security.

The company's R&D department created an innovative technology, which disables information-stealing programs. Learn more -- visit the company's website http://www.anti-keyloggers.com

In The News:


Kitsap Sun

OC launches investigation of security director
Kitsap Sun
BREMERTON — Olympic College has launched an investigation of complaints against its director of campus safety in light of a vote of no confidence by the union representing security guards. The vote, taken in mid-January, showed 88 percent of members ...


The Sun

Security services knew of glaring weakness in Parliament security after 'war game' simulating attack on Westminster ...
The Sun
SECURITY services were aware of gaps in Parliament's security after a simulated attack ended with most MPs being killed, it has been claimed. A source quoted by the Sunday Times claimed a “table-top” exercise revealed four terrorists with automatic ...
Security chief told MPs they were safe in parliament before attackThe Guardian
Urgent review of security gates of Parliament needed after Westminster attackExpress.co.uk

all 56 news articles »

The Independent

Security breach renders in-flight laptop ban useless
The Independent
The airport which is the main target of the Government's ban on electronic devices has a security flaw that renders rigorous checks futile, The Independent can reveal. After clearing six separate security hurdles at Istanbul airport, passengers bound ...

and more »

Rochester Democrat and Chronicle

JCC receives $200,000 to improve security - Democrat and Chronicle
Rochester Democrat and Chronicle
Funds will be used to upgrade cameras and other measures following two bomb threats at the Brighton facility this month.
JCC of Rochester gets $200,000 for security enhancements | WXXI ...WXXI News

all 4 news articles »

Reuters

Britain reviewing security at parliament after deadly attack
Reuters
Interior minister Amber Rudd told the BBC there would be another review of security at the Palace of Westminster, but that such arrangements were continually assessed. "There are constant reviews and updates so that we have the right form of defense in ...
London attack fuels calls for tighter Westminster securityThe Guardian
London attack: Parliament security under reviewBBC News
Questions over Parliament security as motorcyclist rides through gate shortly after terrorist attackTelegraph.co.uk
Wall Street Journal (subscription)
all 8,418 news articles »

The Japan Times

European security ties 'too precious' for Brexit talks
The Japan Times
LONDON – Britain's intelligence expertise may be “too precious” to use as a bargaining tool in the upcoming Brexit talks, experts said, after a terror attack in London highlighted the need for continued European security cooperation. The suggestion ...

and more »

New System Estimates Cleveland Airport Security Wait Times
U.S. News & World Report
New System Estimates Cleveland Airport Security Wait Times. Cleveland's main airport is developing a system to help travelers more accurately compare wait times at its security checkpoints and better plan their trips. | March 27, 2017, at 12:08 a.m.. MORE.

and more »

Huffington Post

What Don't We Talk About When We Talk About Israel's Security
Huffington Post
When Israeli and American Jews talk about “Israel's security” they are thinking about the Holocaust and about extermination. That is the reason they choose the narrowest possible definition of “security,” a strip. Israel's “security” is what we ...

and more »

Otago Daily Times

Ivory Coast rescinds port security measures, attack threat unfounded
Reuters
"After compiling the information ... it emerged that the threat is not real," the head of maritime security Colonel Bertin Koffi Tano wrote in a second order to the Abidjan and San Pedro port authorities and shipping companies on Sunday. "I ask that ...
Ivory Coast boosts port security over attack threatOtago Daily Times

all 5 news articles »

The Sun

Security alert at Ant and Dec's Saturday Night Takeaway as police called amid claims four men broke into the studio
The Sun
An ITV spokesman said: “A youth who attempted to gain access to the London Television Centre, as a prank, at 11pm last night was quickly apprehended by our security team when he triggered an alarm as he climbed an external wall. “He did not gain access ...
Ant and Dec at centre of security alert after four men tried to 'break into' Saturday Night Takeaway studioMirror.co.uk

all 38 news articles »
Google News

Clown Internet Scam - An Internet Scam is Currently Targeting Clowns and Other Entertainers

I am the victim of an internet scam. It is... Read More

Blogs as Safe Haven for Cybercriminals?

To blog or not to blog? Well, why not? Lots... Read More

Computer Viruses and Other Nasties: How to Protect Your Computer from These Invaders

Can you protect your computer from all possible viruses and... Read More

Web Conferencing Readers - So What Do We Do with the PAYPAL SPAMMER

From: "Paypal Security" Subject: New Security Requirements Date: Tue, 26... Read More

Email Hoaxes, Urban Legends, Scams, Spams, And Other CyberJunk

The trash folder in my main inbox hit 4000 today.... Read More

Phishing - Learn To Identify It

Phishing: (fish'ing) (n.)This is when someone sends you an email... Read More

The One Critical Piece Of Free Software Thats Been Overlooked

Can You Prevent Spyware, Worms, Trojans, Viruses, ... To Work... Read More

Spyware, What It Is, What It Does, And How To Stop It

Spyware is software that runs on a personal computer without... Read More

How to Thwart the Barbarian Spyware!

Today,on most internet user's computers, we have the ability to... Read More

Phishing

Recently I have received email from my bank/credit Card Company,... Read More

How to Know Whether an Email is a Fake or Not

A few nights ago I received an email from "2CO"... Read More

Internet Shopping - How Safe Is It?

Millions of people make purchases online, but many people are... Read More

Mail Forwarding - Why Would You Do It?

First of all we need to get some terms stated.... Read More

Five Excellent Indie Encryption And Security Solutions You Have Not Heard About

1. Geek Superhero http://www.deprice.com/geeksuperhero.htmGeek Superhero watches your computer for changes,... Read More

Phishing and Pharming: Dangerous Scams

As soon as almost all computer users already got used... Read More

7 Ways to Spot a PayPal Scam E-Mail

Paypal is a great site and is used by many... Read More

Is Your Email Private? Part 1 of 3

In a word, no - an email message has always... Read More

Firewalls: What They Are And Why You MUST Have One!

A firewall is a system or gateway that prevents unauthorized... Read More

Computer Viruses, Worms, and Hoaxes

In recent days, I was one of the unfortunate persons... Read More

Viruses, Trojans, and Spyware - Oh My!

Have you ever had to call Symantec or McAfee to... Read More

Is My PC Vulnerable on the Internet?

No longer are viruses the only threat on the internet.... Read More

Information Security for E-businessmen: Just a Couple of Ideas

If you constantly deal with bank or electronic accounts, it... Read More

Mall Protection

The Loss Prevention Manager should be receptive to the needs... Read More

Passwords or Pass Phrase? Protecting your Intellectual Property

Much has been said on the theory of password protection... Read More

How Did This Happen to Me? Top 10 Ways to Get Spyware or Viruses on Your Computer

If you use the internet, you have probably been infected... Read More