October 7, 2005
By: Jim Oosterman
The newest online scam could also be the most dangerous. That's because even the most sophisticated internet user among us can be a victim of “pharming” without even knowing it. Warnings of “phishing” have been around for a couple of years, and now pharming is a rapidly growing threat to Web users, prompting more action by internet security experts and the banking industry.
Phishing – that is, fishing for private information – is when scammers send e-mails hoping to hook gullible victims. In a typical case, the consumer receives an e-mail appearing to originate from a bank, government agency or other organization that requests personal or financial information. The e-mail indicates that the consumer should click on a link to remedy trouble with an account or other related problem. The link takes the consumer to a phony Web site where he is asked to provide information such as a social security number, account numbers or other personal and financial details. If the unsuspecting consumer types in the requested information, the thieves get the data.
Pharmers now have joined the fray, with a twist. Pharming is a more complicated and subtle scam that secretly redirects internet users from a legitimate web site to a bogus one. For example, a bank customer, who types his online banking Web site address into the browser, will be sent automatically to an illegitimate Web site that looks identical to the genuine site. Once the bank customer logs in with his name and password, the information is “harvested” by the thief.
In both phishing and pharming, criminals can get their hands on your money or assume your identity.
A growing threat
According to Garter, a national research survey group, between May 2004 and May 2005, about 2.42 million U.S. adults suffered phishing losses valued at $929 million. Fifteen percent of the 11 million Americans who received a phishing email in the same time period clicked on it. Retailers, banks and software developers are scrambling to keep up, as thieves find new ways to trick security systems.
Don't take the bait!
Here is some advice from the Federal Trade Commission to help you from becoming “phish” food or pharmed:
Banks are working to prevent pharming attacks
The Federal Deposit Insurance Corporation has offered advice to help banks guard against pharming fraud. FDIC called on banks to use digital certificates, diligently manage their domain names, and educate consumers. Banks large and small are trying to keep up with technical solutions to these scams by continually boosting protection of their servers.
You can help, too. If the web site to your bank or other financial institution appears different in any way or you are being asked to provide different login information than normal, you might be experiencing a pharming attack. Contact your bank immediately with concerns about web site authenticity.
Remember, your bank will never send you an email asking for your passwords or account numbers, so avoid being hooked!