Skip to main content

Protect Yourself From Phishers and Pharmers

October 7, 2005

By: Jim Oosterman
Melrose Bank

They Aren't Interested in the Great Outdoors

The newest online scam could also be the most dangerous. That's because even the most sophisticated internet user among us can be a victim of “pharming” without even knowing it. Warnings of “phishing” have been around for a couple of years, and now pharming is a rapidly growing threat to Web users, prompting more action by internet security experts and the banking industry.

Phishing – that is, fishing for private information – is when scammers send e-mails hoping to hook gullible victims. In a typical case, the consumer receives an e-mail appearing to originate from a bank, government agency or other organization that requests personal or financial information. The e-mail indicates that the consumer should click on a link to remedy trouble with an account or other related problem. The link takes the consumer to a phony Web site where he is asked to provide information such as a social security number, account numbers or other personal and financial details. If the unsuspecting consumer types in the requested information, the thieves get the data.

Pharmers now have joined the fray, with a twist. Pharming is a more complicated and subtle scam that secretly redirects internet users from a legitimate web site to a bogus one. For example, a bank customer, who types his online banking Web site address into the browser, will be sent automatically to an illegitimate Web site that looks identical to the genuine site. Once the bank customer logs in with his name and password, the information is “harvested” by the thief.

In both phishing and pharming, criminals can get their hands on your money or assume your identity.

A growing threat
According to Garter, a national research survey group, between May 2004 and May 2005, about 2.42 million U.S. adults suffered phishing losses valued at $929 million. Fifteen percent of the 11 million Americans who received a phishing email in the same time period clicked on it. Retailers, banks and software developers are scrambling to keep up, as thieves find new ways to trick security systems.

Don't take the bait!
Here is some advice from the Federal Trade Commission to help you from becoming “phish” food or pharmed:

  • If you get an email or pop-up message that asks for personal or financial information, do not reply or click on the link in the message. Legitimate companies don't ask for this information via email. If you are concerned about your account, contact the organization in the email using a telephone number you know to be genuine.
  • Don't email personal or financial information. If you initiate a transaction and want to provide your personal or financial information through an organization's Web site, look for indicators that the site is secure, like a lock icon on the browser's status bar, or the beginning of the Web address in your browsers address bar. It should read “https://” rather than just “http://” (the “s” stands for “secure”).
  • Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges.
  • Use anti-virus software and keep it up to date. Some phishing emails contain software that can harm your computer or track your activities on the internet without your knowledge. Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources.
  • Be cautious about opening any attachment or downloading files from emails you receive, regardless of who sent them.

Banks are working to prevent pharming attacks
The Federal Deposit Insurance Corporation has offered advice to help banks guard against pharming fraud. FDIC called on banks to use digital certificates, diligently manage their domain names, and educate consumers. Banks large and small are trying to keep up with technical solutions to these scams by continually boosting protection of their servers.

You can help, too. If the web site to your bank or other financial institution appears different in any way or you are being asked to provide different login information than normal, you might be experiencing a pharming attack. Contact your bank immediately with concerns about web site authenticity.

Remember, your bank will never send you an email asking for your passwords or account numbers, so avoid being hooked!

James Oosterman is the Vice President of Melrose Bank. He can be reached by telephone 781-665-2500, online at melrosebank.com or on Facebook at facebook.com/MelroseBank.


« Back to Articles

Discover everything we can offer.