“Pharming” is a sophisticated method
of identity theft. As described in an article by Jane Larson in
the Arizona Republic, pharming is an Internet scam that
involves “highly skilled hackers who secretly redirect users’
computers from financial sites to the scammers’ fake ones.”
By secretly sending individuals from sites such as personal online
banking accounts to the scammers’ own websites that look
strikingly similar, pharmers are able to steal these people’s
identities, including their passwords and other personal information.
These scammers are so sophisticated that even the domain names
of the fake sites look the same as the domain names of the legitimate
sites. Most alarming to computer experts is that pharmers can
potentially reroute thousands of Internet users at a time by planting
a few bits of malicious code.
According to Internet-security firms, pharmers have
two ways of simulating widely used websites. The scammers could
infect a personal computer with a virus. Without the computer
user knowing, the virus would then act within the computer to
send the user from the web address of the legitimate site to the
pharmer’s fake site. The pharmer then steals personal information,
such as a password or Social Security number, that the user inputs.
The second way that pharmers could commit ID theft
is by hacking into domain name system (DNS) servers that computers
on the Internet rely on to communicate with each other. After
the pharmers feed erroneous information into them, Internet users,
relying on a poisoned DNS server, may be directed to the pharmer’s
web pages after entering the URL of a well-known website. The
pharmer can then take any personal information that the user inputs
on the fraudulent site.
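
Both redirection routes described above can be checked from the defender's side. The Python below is an added example, not part of the original article; it assumes the local redirect is made through the computer's hosts file (one common mechanism, which the article does not name) and that known-good addresses were recorded earlier from a trusted network. All domain names, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data, not from the article. 192.0.2.0/24 and
# 203.0.113.0/24 are address ranges reserved for documentation.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
203.0.113.66   www.examplebank.test examplebank.test  # added by malware
::1            localhost
"""
# Assumption: addresses recorded earlier from a trusted network.
KNOWN_GOOD = {
    "www.examplebank.test": {"192.0.2.10", "192.0.2.11"},
    "examplebank.test": {"192.0.2.10"},
}

def parse_hosts(text):
    """Return {hostname: ip} for every well-formed line of a hosts file."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # malformed address: ignore the line
        for name in fields[1:]:
            # The first entry for a name is the one that takes effect.
            mapping.setdefault(name.lower().rstrip("."), ip)
    return mapping

def audit(hosts_text, resolver_answers, known_good):
    """List (source, name, ip) findings that contradict the reference set.

    resolver_answers maps a name to the addresses the DNS server in use
    returned for it; it is passed in so the check runs offline.
    """
    findings = []
    local = parse_hosts(hosts_text)
    for name, good in known_good.items():
        if name in local and local[name] not in good:
            findings.append(("hosts-file", name, local[name]))
        for ip in resolver_answers.get(name, ()):
            if ip not in good:
                findings.append(("resolver", name, ip))
    return findings
```

A finding is a reason to investigate rather than proof of pharming, since legitimate sites do change addresses.
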
Pharming attacks have been increasing in recent
months. As reported in the Arizona Republic, the Arizona
Attorney General’s office heard about a case of a Phoenix
man having $5,000 stolen from his bank account in March of 2005
after he typed some of his personal information into an online
pop-up survey claiming to be from his bank. According to a report
by IDG News Service, the SANS Institute’s Internet
Storm Center issued a warning about pharming attacks after at
least 1,300 Internet domains were redirected to a rogue web server,
also in March of 2005. In a similar attack, pharmers targeted
the .com Internet domain and redirected some Internet users to
false web sites. The Internet Storm Center advises network operators
of such web sites when they are discovered.
Steps to Avoid Being “Pharmed”:
Unfortunately, it is difficult to detect when you
have been hijacked on the Internet. Both the URL and the fraudulent
website may appear to be normal. The Internet publication CNET
Reviews has suggested that more servers ought to add another
layer of authentication through what is called a certificate authority.
Most Internet browsers have the capability to check for certificates,
if only servers would use them. The U.S. Senate is considering
legislation that would apply criminal penalties of up to five
years in prison and fines of up to $250,000 for scammers who pharm
for personal information by redirecting Internet users to spoofed
banking and e-commerce sites.
In the meantime, follow these steps:
1. When you initiate a transaction through a website
that requires your personal or financial information, look for
indicators that the site is secure, like a lock icon on the
browser’s status bar or a URL for a website that begins
“https:” not just “http:” (the “s”
stands for “secure”). Not all URLs make use of these
security features; you might consider which do and which do
not before choosing the service or product you are buying online.
2. Many financial websites make use of a certificate
authority as a layer of authentication. Where used, the certificate
will appear in a dialog box as a yellow padlock icon that will
ask if you want to trust the website. Double-click on the icon
to make sure that the owner of the security certificate is legitimate.
Make sure that the name on the certificate matches the site
you are attempting to reach. If the certificate doesn’t
match or is nonexistent, then leave the website and do not input
any of your personal information. If the certificate matches
the website, then save the certificate so that when you return,
your browser will know that you have reached the correct address.
3. Some financial institutions have automatic
callbacks to let you know when you are about to enter into a
financial transaction. Some companies also use e-mail to verify
that you are giving your personal information to their websites.
4. In addition to the domain name (for example,
www.networksolutions.com), a website also has a numeric IP address
(such as 216.168.224.69). You can type the IP address instead
of the domain name in the address toolbar to go to the website.
To find the IP address for a domain name, go to www.networksolutions.com
and click on the “WHOIS” tab. Type in a domain name,
and then scroll down to find its IP address.
5. Install and update anti-virus and anti-spyware
software on your computer. Some viruses have been known to send
Internet users to a pharmer’s fake site.
6. Keep computer software updated and patched.
Install firewalls and scam filters.
7. Be extremely careful when downloading “free”
software from the Internet.
8. Look for anti-pharming software that is currently
in the works. Such software will display security information
and show the geographic location of the website host. Many pharmers
operate from overseas, in places such as China, Russia, and Eastern Europe.
9. Be sure to review credit-card statements and
bank-account statements as soon as you receive them to determine
whether there are any unauthorized charges.
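
Step 2 above asks for two checks: that the name on the certificate matches the site, and that a saved certificate is recognized on later visits. The Python below is an added example, not part of the original article, that performs both on a certificate dictionary shaped like the output of `ssl.SSLSocket.getpeercert()`. It assumes the certificate chain has already been validated by the TLS library; the host names, certificate bytes and function names are constructed.

```python
import hashlib

# Constructed sample certificate data (not from the article).
GOOD_CERT = {"subjectAltName": (("DNS", "examplebank.test"),
                                ("DNS", "*.examplebank.test"))}
OTHER_CERT = {"subjectAltName": (("DNS", "www.unrelated.test"),)}

def name_matches(pattern, host):
    """Match one certificate DNS name against the host being visited.

    A '*' counts only as the whole leftmost label and covers exactly one
    label, so '*.examplebank.test' does not match 'a.b.examplebank.test'.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_names(cert):
    """DNS names listed in the certificate's subjectAltName field."""
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def check_site(host, cert, der_bytes, saved_pins):
    """Return (verdict, detail) for a visit to host.

    saved_pins maps host -> SHA-256 fingerprint stored on an earlier visit
    and is updated on the first visit.
    """
    names = cert_names(cert)
    if not names:
        return ("reject", "no certificate names presented")
    if not any(name_matches(n, host) for n in names):
        return ("reject", "certificate is for " + ", ".join(names))
    fingerprint = hashlib.sha256(der_bytes).hexdigest()
    pin = saved_pins.get(host)
    if pin is None:
        saved_pins[host] = fingerprint
        return ("first-visit", fingerprint)
    if pin != fingerprint:
        return ("changed", fingerprint)  # verify with the bank before trusting
    return ("ok", fingerprint)
```

Legitimate sites renew their certificates, so a "changed" verdict calls for confirmation through another channel, not automatic rejection.
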
Sources:
Jane Larson, the Arizona Republic
Nathan Miller, Longwood Security Services
Grant Gross, IDG News Service
Robert Vamosi, CNET Reviews
Paul Roberts, IDG News Service
Kevin J. Delaney, Wall Street Journal