Phishing and Pharming, Awareness and Prevention

Argueably one of the main security topics in recent years has been the onset and prevalence of phishing and pharming scams. Unfortunately, while many end users have heard of these threats, they remain unaware of the severity of these very dangerous scams. Users should educate themselves not only on prevention techniques but also on the scams’ processes. This article is meant to provide users with a non-technical explanation of phishing and pharming, as well as prevention techniques

Phishing

Phishing is a form of identity theft in which phishers, people that use phishing, create websites that appear to belong to legitimate companies. Phishers usually draw users to these fraudulent sites by sending websites links in authentic-looking emails, which could even include the real company’s logo. If a user is drawn to the phisher’s website and submits his or her personal information, the information is submitted to the phisher.

For example, a user receives a fake email supposedly from Bank XYZ with a link back to the site asking you to click on the link. That user then clicks the link and is sent to a page which looks like the XYZ login page but the address in the address bar at the top of the browser is not correct. When the user types in his or her user information, they aren’t logged into XYZ but instead the phisher now has his or her user information and can log into their XYZ account.

Pharming (aka Domain Spoofing)

Pharming occurs when a hacker “poisons” the domain name, or web address (www.google.com, http://www.yahoo.com, etc), of a website and redirects users from the “poisoned” website to another website usually owned by the hacker. Once at the hacker’s site, the pharming process is identical to phishing. Users submit information to the hacker’s site but are truly submitting their information directly to the hacker.

Unfortunately, this technique can cause large groups of users to be driven to fraudulent sites even if they type in the correct URL, or web address. The larger the website address “poisoned” the larger the pharming scam. For example, if http://www.google.com has been “poisoned,” when you type in http://www.xyz.com you would not be taken to the real XYZ page but one of the hacker’s choosing. If the page is created to look the same as the real site then it may be hard to tell that pharming has occurred since the address bar will still say http://www.xyz.com.

Phishing and Pharming Prevention

** As a general rule NEVER click a web address inside of an email. Even though the email seems to be from someone you know or an organization you know to be safe simply open your browser (Internet Explorer, Firefox, etc.) and navigate to the website without using the link in the email.

  • Phishing

1) Watch the address bar! Phishing does not disguise the URL in the address bar so you will be able to see the difference in the address bar at the top of your browser. If phishing is occurring the URL, or web address, will be incorrect.

2) If you think that you may have fallen victim to this, the best advice is to login to the real website and change your password. This will negate the information that the phisher obtained but I must stress that this be done immediately so as not to give the phisher time to change your password or collect your information.

  • Pharming

1) You CANNOT rely on the address bar. The address bar will look correct but you will not be on the website that it says.

2) Check names on authentication certificates. If the name doesn’t match the site you want to go to, leave the site and contact a tech to verify the authenticity of a site.