Phishing and Pharming: Dangerous Scams

As soon as almost all computer users already got used to -- or at least heard about -- the word "phishing", another somewhat confusing word appeared not long ago. Pharming. Does it differ from phishing -- and if yes, how?

Two Pharmings

Actually, two completely different fields use the term "pharming" now. We can say there exist two separate "pharmings".

If genetics or businessmen from pharmaceutical industry are talking about pharming (spelled like that) it might have nothing to do with computers. This word has long been familiar to genetic engineers. For them, it's a merger of "farming" and "pharmaceutical" and means the genetic engineering technique -- inserting extraneous genes into host animals or plants in order to make them produce some pharmaceutical product. Although it is a very interesting matter, this article is not about it.

As for PC users, the term "phishing" recently emerged to denote exploitation of a vulnerability in the DNS server software caused by malicious code. This code allows the cybercriminal who contaminated this PC with it to redirect traffic from one IP-address to the one he specified. In other words, a user who types in a URL goes to another web site, not the one he wanted to--and isn't supposed to notice the difference.

Usually such a website is disguised to look like a legitimate one -- of a bank or a credit card company. Sites of this kind are used solely to steal users' confidential information such as passwords, PIN numbers, SSNs and account numbers.

Dangerous Scams

A fake website that's what "traditional" phishing has in common with pharming. This scam can fool even an experienced computer user, and it makes pharming a grave threat. The danger here is that users don't click an email link to get to a counterfeit website.

Most people enter their personal information, unaware of possible fraud. Why should they suspect anything if they type the URL themselves, not following any links in a suspiciously-looking email? Unfortunately, "ordinary" phishers are also getting smarter. They eagerly learn; there is too much money involved to make criminals earnest students. At first phishing consisted only of a social engineering scam in which phishers spammed consumer e-mail accounts with letters ostensibly from banks. The more people got aware of the scam, the less spelling mistakes these messages contained, and the more fraudulent websites looked like legitimate ones.

Since about November 2004 there has been a lot of publications of a scheme which at first was seen as a new kind of phishing. This technique includes contaminating a PC with a Trojan horse program. The problem is that this Trojan contains a keylogger which lurks at the background until the user of the infected PC visits one of the specified websites. Then the keylogger comes to life to do what it was created for -- to steal information.

It seems that this technique is actually a separate scam aimed at stealing personal information and such attacks are on the rise. Security vendor Symantec warns about commercialisation of malware -- cybercriminals prefer cash to fun, so various kinds of information-stealing software are used more actively.

Spy Audit survey made by ISP Earthlink and Webroot Software also shows disturbing figures - 33.17% PCs contaminated with some program with information stealing capability.

However, more sophisticated identity theft attempts coexist with "old-fashioned" phishing scams. That is why users should not forget the advice which they all are likely to have learned by heart:

  • Never follow a link in an email, if it claims to be from a financial institution
  • Never open an attachment if the email is from somebody you don't know
  • Protect your PC from malware
  • Stay on the alert

Alexandra Gamanenko currently works at Raytown Corporation, LLC -- an independent software developing company that provides various solutions for information security.

The company's R&D department created an innovative technology, which disables information-stealing programs. Learn more -- visit the company's website http://www.anti-keyloggers.com

In The News:

pen paper and inkwell


cat break through


Reporting Internet Scams

When it comes to reporting Internet scams most of us... Read More

What Can Be Done About Spyware And Adware

Having a good Spyware eliminator on your computer is vital... Read More

File Sharing - What You Need to Know!

File sharing on p2p is soaring despite the music and... Read More

How to Get Rid of New Sobig.F Virus?

As you know, this time the virus under the name... Read More

Free Spyware Removal - Its Not As Easy As It Sounds

Nobody wants to pay to remove spyware. At the very... Read More

Preventing Online Identity Theft

Identity theft is one of the most common criminal acts... Read More

Blogs as Safe Haven for Cybercriminals?

To blog or not to blog? Well, why not? Lots... Read More

Watch Out For That Scam

The IFCC (Internet Fraud Complaint Center) received over 200,000 complaint... Read More

How to Protect Yourself Against Online Criminals

Credit card fraud is a growing problem for online businesses... Read More

Internet/Network Security

Abstract Homogeneous symmetries and congestion control have garnered limited interest... Read More

Reclaim Your PC from the Internet Spies

Viruses are, however, not the only malicious software programs out... Read More

Phishing and Pharming: Dangerous Scams

As soon as almost all computer users already got used... Read More

Firewall Protection - Does Your Firewall Do This?

The first thing people think about when defending their computers... Read More

Don?t Become An Identity Fraud Statistic!

"You've just won a fabulous vacation or prize package! Now,... Read More

How To Avoid Hackers From Destroying Your Site?

Recently, my site and other internet accounts ( http://www.nabaza.com/sites.htm )... Read More

Is Spyware Watching You?

Imagine my surprise when I received a phone call from... Read More

A New Low

A new variation of the Nigerian Scam theme ... Read More

The One Critical Piece Of Free Software Thats Been Overlooked

Can You Prevent Spyware, Worms, Trojans, Viruses, ... To Work... Read More

Social Engineering - The Real E-Terrorism?

One evening, during the graveyard shift, an AOL technical support... Read More

40 Million People Hacked - YOU as Identity Theft Victim

Saturday, MasterCard blamed a vendor of ALL credit card providers... Read More

Phishing - Learn To Identify It

Phishing: (fish'ing) (n.)This is when someone sends you an email... Read More

Reducing Fraudulent Transations ? 5 Simple Ways To Protect Yourself

The money being spent online is steadily growing. With billions... Read More

Free Antivirus Security Software: Download Now to Eliminate Spyware, Pop Up Ads, etc.

Adware. Spyware. Pesky pop up ads. Internet congestion. Computer malfunctions... Read More

Watching the Watchers: Detection and Removal of Spyware

If spyware were a person and he set himself up... Read More

Crack The Code - Thats A Direct Challenge

I Challenge You To Crack The Code ------------------------------------- I had... Read More

Identity Theft -- 10 Simple Ways to Protect Your Good Name!

Identity Theft is one of the most serious problems facing... Read More

Top Five Online Scams

The top five online scams on the Internet hit nearly... Read More

I Spy...Something Terribly Wrong (In Your Computer)

This really chapped my lips...I recently bought a new computer.... Read More

Be Aware of Phishing Scams!

If you use emails actively in your communication, you must... Read More

How to Thwart the Barbarian Spyware!

Today,on most internet user's computers, we have the ability to... Read More

From Spyware with Love!

It's late. You've been scouring the web for that perfect... Read More

Phishing, Fraudulent, and Malicious Websites

Whether we like it or not, we are all living... Read More

Corporate Security for Your Home Business

The words Corporate Security may conjure up images of a... Read More