A new scam has hit the Internet mainstream and could be the most
frightening of all. Why? Because even the most experienced Internet
users could fall victim and not even know it.
It's called pharming and involves extremely skilled hackers redirecting
customers who do online banking to fake sites where they can steal
passwords and other sensitive information about their accounts.
And unlike phishing (a scheme where users click on links in e-mails
and are redirected to fake sites), pharming captures a user on his
or her way to the bank or credit-card firm.
What alarms experts most is that pharming can reroute thousands
of Internet users at a time, making the impact potentially massive.
Methods of Operation
According to security experts, pharmers have two main ways of operating.
They attack:
- Users' computers
- Large servers that find Web sites for users
The first method sends virus-laden e-mails that install small software
programs on users' computers. Then, when a user updates
personal information (such as logons, PIN codes or driver's license
numbers), the scammers use the information to steal identities.
The second method takes advantage of the fact that Web sites have
verbal names but reside at numeric addresses on the Internet.
Typically, when a user types a Web site's name into
their browser, Domain Name System (DNS) servers read the name, look
up its numeric address and take users to that site; however, pharmers
jump in by changing the real site's numeric address to the fake
site's numeric address and assault customers that way.
What's the Solution?
Companies and big organizations can ease the threat of pharming
by keeping their software up to date and patched. They can also
install firewalls, filter for known scams, and watch for changes
in Internet protocol addresses on their servers.
Additionally, anti-pharming software is in development, including products
that will display security information and show users where a Web
site is being hosted.
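The advice above to watch for changes in Internet protocol addresses can be automated. The Python below is an added example, not part of the original article: it compares the addresses several resolvers return for watched names against a baseline of expected networks, and flags local hosts-file entries for those names. The domain names, addresses, resolver labels and the hosts-file check are assumptions constructed for illustration.

```python
import ipaddress

# Constructed baseline: networks each watched name is expected to resolve into.
BASELINE = {
    "bank.example.com": ["192.0.2.0/24"],
    "cards.example.com": ["198.51.100.0/25"],
}

# Constructed answers collected from three resolvers (labels are hypothetical).
OBSERVED = {
    "resolver-a": {"bank.example.com": ["192.0.2.10"], "cards.example.com": ["198.51.100.7"]},
    "resolver-b": {"bank.example.com": ["203.0.113.66"], "cards.example.com": ["198.51.100.7"]},
    "resolver-c": {"bank.example.com": ["192.0.2.10"], "cards.example.com": ["198.51.100.200"]},
}

# Constructed hosts-file content; a local entry takes precedence over DNS.
HOSTS_TEXT = """\
127.0.0.1   localhost
# 203.0.113.9 bank.example.com   (commented out, ignored)
203.0.113.66  Bank.Example.Com www.bank.example.com  # unexpected entry
"""

def in_baseline(name, addr, baseline):
    """True if addr falls inside any network listed for name."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in baseline.get(name, []))

def unexpected_answers(observed, baseline):
    """Sorted (resolver, name, address) for answers outside the baseline networks."""
    findings = []
    for resolver, answers in observed.items():
        for name, addrs in answers.items():
            name = name.lower().rstrip(".")  # names are case-insensitive
            findings += [(resolver, name, a) for a in addrs
                         if name in baseline and not in_baseline(name, a, baseline)]
    return sorted(findings)

def hosts_overrides(hosts_text, baseline):
    """Sorted (name, address) pairs where the hosts file pins a watched name."""
    findings = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        addr, names = fields[0], [n.lower().rstrip(".") for n in fields[1:]]
        findings.extend((n, addr) for n in names if n in baseline)
    return sorted(findings)

if __name__ == "__main__":
    print("DNS answers outside baseline:", unexpected_answers(OBSERVED, BASELINE))
    print("hosts-file overrides:", hosts_overrides(HOSTS_TEXT, BASELINE))
```

A finding from a single resolver while the others agree with the baseline points at that resolver or its cache; a finding from the hosts file points at the local machine.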
USA Today, April 22, 2005